Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
Namecheap accuses GoDaddy of delaying transfers
GoDaddy broke ICANN rules and US competition law by delaying outbound domain transfers yesterday, and not for the first time, according to angry rival Namecheap.
March 6 was Namecheap’s annual Move Your Domain Day, a promotion under which it donates $1.50 to the Electronic Frontier Foundation for every inbound transfer from another registrar.
It’s a tradition the company opportunistically started back in 2011 specifically targeting GoDaddy’s support, later retracted, for the controversial Stop Online Piracy Act, SOPA.
But yesterday GoDaddy was delivering “incomplete Whois information”, which interrupted the automated transfer process and forced Namecheap to resort to manual verification, delaying transfers, Namecheap claims.
“First and foremost this practice is against ICANN rules and regulations. Secondly, we believe it violates ‘unfair competition’ laws,” the company said in a blog post.
Whois verification is a vital part of the transfer process, which is governed by ICANN’s binding Inter-Registrar Transfer Policy.
GoDaddy changed its Whois practices in January. As an anti-spam measure, it no longer publishes contact information, including email addresses vital to the transfer process, when records are accessed automatically over port 43.
However, GoDaddy VP James Bladel told us in January that this was not supposed to affect competing registrars, which have their IP addresses white-listed for port 43 access via a system coordinated by ICANN.
Did GoDaddy balls up its new restrictive Whois practices? Or can the blame be shared?
Namecheap also ran into problems with GoDaddy throttling port 43 on its first Move Your Domain Day in 2011, but DI published screenshots back then suggesting that the company had failed to white-list its IP addresses with ICANN.
This time, the company insists the white-list was not an issue, writing:
As many customers have recently complained of transfer issues, we suspect that GoDaddy is thwarting/throttling efforts to transfer domains away from them. Whether automated or not, this is unacceptable. In preparation for today, we had previously whitelisted IPs with GoDaddy so there would be no excuse for this poor business practice.
Namecheap concluded by saying that all transfers that have been initiated will eventually go through. It also asked affected would-be customers to complain to GoDaddy.
The number of transfers executed on Move Your Domain Day over the last several years appears to be well into six figures, probably amounting to seven figures of annual revenue.
Transferring domains gets more complex this week
A new anti-hijacking domain name transfer policy comes into effect this week at all ICANN-accredited registrars, potentially complicating the process of not only selling domains but also updating your own Whois records.
But many registrars have already rewritten their terms of service to make the new rules as hassle-free as possible (and essentially pointless).
From December 1, the old ICANN Inter-Registrar Transfer Policy starts governing inter-registrant transfers too, becoming simply the Transfer Policy.
Now, when you make updates to your Whois records that appear to suggest new ownership, you’ll have to respond to one or two confirmation emails, text messages or phone calls.
The policy change is the latest output of the interminable IRTP work within ICANN’s GNSO, and is designed to help prevent domain hijacking.
But because the changes are likely to be poorly understood by registrants at the outset, it’s possible some friction could be added to domain transfers.
Under the new Transfer Policy, you will have to respond to confirmation emails if you make any of the following:
- A change to the Registered Name Holder’s name or organization that does not appear to be merely a typographical correction;
- Any change to the Registered Name Holder’s name or organization that is accompanied by a change of address or phone number;
- Any change to the Registered Name Holder’s email address.
While registrars have some leeway to define “typographical correction” in their implementation, the notes to the policy seem to envisage single-character transposition and omission errors.
Registrants changing their last names due to marriage or divorce would apparently trigger the confirmation emails, as would transfers between parent and subsidiary companies.
The policy requires both the gaining and losing registrant to verify the “transfer”, so if the registrant hasn’t actually changed they’ll have to respond to two emails to confirm the desired changes.
Making any of the three changes listed above will also cause the unpopular 60-day transfer lock mechanism — which stops people changing registrars — to trigger, unless the registrant has previously opted out.
Registrars are obliged to advise customers that if the change of registrant is a prelude to an inter-registrar transfer, they’d be better off transferring to the new registrar first.
The new policy is not universally popular even among registrars, where complexity can lead to mistakes and therefore support costs.
Fortunately for them, the Transfer Policy introduces the concept of “Designated Agents” — basically middlemen that can approve registrant changes on your behalf.
Some registrars are taking advantage of this exception to basically make the confirmation aspects of the new policy moot.
Calling the confirmation emails an “unnecessary burden”, EuroDNS said last week that it has unilaterally made itself every customer’s Designated Agent by modifying its terms of service.
Many other registrars, including Tucows/OpenSRS, NameCheap and Name.com appear to be doing exactly the same thing.
In other words, many registrants will not see any changes as a result of the new Transfer Policy.
The truism that there’s no domain name policy that cannot be circumvented with a middleman appears to be holding.
Cops can’t block domain transfers without court order, NAF rules
Law enforcement and IP owners were dealt a setback last week when the National Arbitration Forum ruled that they cannot block domain transfers unless they have a court order.
The ruling could make it more difficult for registrars to acquiesce to requests from police trying to shut down piracy sites, as they might technically be in breach of their ICANN contracts.
NAF panelist Bruce Meyerson made the call in a Transfer Dispute Resolution Policy ruling after a complaint filed by EasyDNS against Directi (PublicDomainRegistry.com).
You’re probably asking right about now: “The what policy?”
I had to look it up, too.
TDRP, it turns out, has been part of the ICANN rulebook since the Inter-Registrar Transfer Policy was adopted in 2004.
It’s designed for disputes where one registrar refuses to transfer a domain to another. As part of the IRTP, it’s a binding part of the Registrar Accreditation Agreement.
It seems to have been rarely used in full over the last decade, possibly because the first point of complaint is the registry for the TLD in question, with only appeals going to a professional arbitrator.
Only NAF and the Asian Domain Name Dispute Resolution Centre are approved to handle such cases, and their respective records show that only one TDRP appeal has previously filed, and that was in 2013.
In the latest case, Directi had refused to allow the transfer of three domains to EasyDNS after receiving a suspension request from the Intellectual Property Crime Unit of the City of London Police.
The IPCU had sent suspension requests, targeting music download sites “suspected” of criminal activity, to several registrars.
The three sites — maxalbums.com, emp3world.com, and full-albums.net — are all primarily concerned with hosting links to pirated music while trying to install as much adware as possible on visitors’ PCs.
The registrants of the names had tried to move from India-based Directi to Canada-based EasyDNS, but found the transfers denied by Directi.
EasyDNS, which I think it’s fair to say is becoming something of an activist when it come to this kind of thing, filed the TDRP first with Verisign then appealed its “No Decision” ruling to NAF.
NAF’s Meyerson delivered a blunt, if reluctant-sounding, win to EasyDNS:
Although there are compelling reasons why the request from a recognized law enforcement agency such as the City of London Police should be honored, the Transfer Policy is unambiguous in requiring a court order before a Registrar of Record may deny a request to transfer a domain name… The term “court order” is unambiguous and cannot be interpreted to be the equivalent of suspicion of wrong doing by a policy agency.
To permit a registrar of record to withhold the transfer of a domain based on the suspicion of a law enforcement agency, without the intervention of a judicial body, opens the possibility for abuse by agencies far less reputable than the City of London Police.
That’s a pretty unambiguous statement, as far as ICANN policy is concerned: no court order, no transfer block.
It’s probably not going to stop British cops trying to have domains suspended based on suspicion alone — the Metropolitan Police has a track record of getting Nominet to suspend thousands of .uk domains in this way — but it will give registrars an excuse to decline such requests when they receive them, if they want the hassle.
Delinquent top 20 registrar not delinquent after all
China’s largest domain name registrar isn’t shirking its ICANN fees, despite previous allegations to the contrary.
Xin Net, which has over 1.6 million gTLD domains under management, received a breach notice from ICANN last month which stated that the company was $2,000 in arrears with its payments.
The company was given until August 22 to correct the problem or risk losing its accreditation.
But in a subsequent compliance notice ICANN admitted that “due to an error the registrar’s account reflected a delinquent balance”.
The admission was buried deep in the notice and not immediately obvious to anyone browsing ICANN’s compliance pages.
The original notice also alleged a breach of the Inter-Registrar Transfer Policy with respect to the domain names rongzhu.net, qsns.net and zuixincn.com, which was not an error.
ICANN posts breach notices to its web site fairly regularly — 84 of them since mid-2008 — and more often than not they allege failure to pay fees in addition to other problems.
Go Daddy’s 60-day transfer lock can now be removed
One of Go Daddy’s most unpopular practices – the infamous 60-day domain name transfer lock – has essentially come to an end.
From today, customers will be able to unlock their domains before the period is up, by contacting a special support team, according to director of policy planning James Bladel.
For many years Go Daddy has blocked domains from being transferred to other registrars if changes have been made to the registrant contact information within the last 60 days.
The company alerts users to the lock before they make changes to their Whois data, but that hasn’t stopped the policy bugging the hell out of domainers and regular registrants.
It’s designed to prevent domain hijackings – something Go Daddy says it does very well – but when false positives occur it often looks like a nefarious customer retention strategy.
“It’s a very effective tool for preventing harm, but it does catch out a lot of folks who want to legitimately change registrant data,” Bladel said.
Under the new policy, if Go Daddy blocks a transfer because of the 60-day lock, registrants will be given an email address to contact in order to appeal the block.
According to Bladel, after a human review the locks will be lifted and the Whois data will revert to its original state, unless the Go Daddy support team suspects a hijacking is in progress.
“The bad guys are not going to call and ask us to take a second look at this,” he said. “The bad guys want it to happen under the radar.”
The changes come thanks largely to a new revision of ICANN’s Inter-Registrar Transfer Policy, which came into effect today and specifies that transferring registrants need to be given a way to remove the locks on their domains within five days.
But Bladel said the way the policy is written gave Go Daddy a lot of leeway in how to interpret it – it could have kept the locks in place as before – but it decided to revise its policy to improve the customer experience.
End in sight for Go Daddy’s 60-day transfer lock
Go Daddy’s unpopular 60-day domain name lockdown period, which prevents customers moving to other registrars, could be reduced to as little as five days under new ICANN policy.
ICANN’s GNSO Council this week voted to amend the Inter-Registrar Transfer Policy, which is binding on all registrars, to clarify when and how a registrar is allowed to block a transfer.
Today, Go Daddy has a policy of preventing transfers for 60 days whenever the registrant’s name is changed in the Whois record.
It’s designed to help prevent domain name hijacking, but to many customers it’s frustrating and looks shady; as a result it’s one of the most frequently cited criticisms of the company.
Other registrars may have similar policies, but Go Daddy is the only one you ever really hear complaints about.
Some have even posited that the practice violates the IRTP, which explicitly prevents registrars spuriously locking domains when customers update their Whois.
But ICANN’s compliance department has disagreed with that interpretation, drawing a distinction between “Whois changes” (cannot block a transfer) and “registrant changes” (can block a transfer).
Essentially, if you change your name in a Whois record the domain can be locked by your registrar, but if you change other fields such as mailing address or phone number it cannot.
Go Daddy and other registrars would still be able prevent transfers under the revised policy, but they would have to remove the block within five days of a customer request.
This is how ICANN explains the changes:
Registrar may only impose a lock that would prohibit transfer of the domain name if it includes in its registration agreement the terms and conditions for imposing such lock and obtains express consent from the Registered Name Holder: and
Registrar must remove the “Registrar Lock” status within five (5) calendar days of the Registered Name Holder’s initial request, if the Registrar does not provide facilities for the Registered Name Holder to remove the “Registrar Lock” status
Registrars may have some freedom in how they implement the new policy. Unblocking could be as simple as checking a box in the user interface, or it could mean a phone call.
Go Daddy, which was an active participant in the IRTP review and says it supports the changes, supplied a statement from director of policy planning James Bladel:
In the coming months, Go Daddy is making a few changes to our policy for domains in which the registrant information has changed.
We believe this new procedure will continue to prevent hijacked domain names from being transferred away, while making the transfer experience more user-friendly for our customers.
The changes were approved unanimously by the GNSO Council at its meeting on Thursday.
Before they become binding on registrars, they will have to be approved by the ICANN board of directors too, and the soonest that could happen is at its February 16 meeting.
The changes are part of a package of IRTP revisions – more to come in the near future – that have been under discussion in the ICANN community since 2007. Seriously.
Go Daddy’s 60-day domain lockdown loophole
Perhaps the most common complaint of the many leveled at Go Daddy over the years is that it refuses to allow customers to transfer domains to another registrar for 60 days after an ownership change.
The latest person to fire this criticism at the company is tech blogger Scott Raymond, who published a lengthy tirade against Go Daddy and its policy on ZDNet today.
Raymond points out that Go Daddy seems to be in violation of ICANN’s Inter-Registrar Transfer Policy, which explicitly prohibits the rejection of a transfer request due to a recent Whois change.
He’s not alone. Even Andrew Allemann of Domain Name Wire, hardly Go Daddy’s fiercest critic, said as recently as May that he thinks the company is in violation of the IRTP.
With good reason – this April 2008 ICANN advisory seemed to be specifically written with a ban on Go Daddy’s 60-day policy in mind.
But is the company non-compliant? ICANN doesn’t seem to think so.
I’ve tracked down this November 2009 email from David Giza, then ICANN’s head of compliance, in which he describes what seems to amount to a loophole Go Daddy and other registrars exploit.
Giza explains that the 2008 advisory “only addresses mandatory updates to Whois contact information, not a transfer or assignment to a new registrant”.
Registrants are obliged to keep their Whois data up-to-date; that’s what he means by “mandatory”.
Giza’s email adds:
the transfer policy does not prohibit registrars from requiring registrants to agree to the blocking of transfer requests as a condition for registrar facilitation of optional services such as the transfer of a registration to a new registrant.
We understand GoDaddy.com’s 60-day lock is a voluntary opt-in process where registrants are made aware of and agree to the restriction that the domain name is not to be transferred for 60-days following the completion of transfer. As such, this practice is not prohibited by the transfer policy.
In other words, there are “Whois Changes” and there are “Registrant Changes”, and registrars are only allowed to trigger a lock-down in the latter case, according to Giza.
And according to DNW’s reporting on the subject, that’s exactly what Go Daddy continues to do — locking the domain if certain fields in the registrant record are changed.
So the 60-day lock appears to be kosher, at least in the opinion of ICANN’s erstwhile compliance chief. Whether that could change under the department’s new management is unknown.
As it happens, the subject was raised by a recent working group that was looking into revising the IRTP, but it was so contentious that consensus could not be found.
The problem has been bounced down the road. The most recent mention came in this ICANN issue report (pdf, page 14-15).
Anyway, if I lost you several paragraphs ago, the net result of all this seems to be that Go Daddy probably isn’t breaking the rules, but that nobody can agree whether that’s a good thing or not.
The fact that one has to do this much digging into ICANN esoterica just to figure out whether Go Daddy is screwing its customers over isn’t very reassuring, is it?
Recent Comments