Latest news of the domain name industry

Recent Posts

Freenom hit by FIFTH ICANN action after litany of screw-ups

Kevin Murphy, September 21, 2023, Domain Registrars

Is time up for Freenom? After being sued by Facebook and losing its contracts to operate ccTLDs for at least two countries, now it also has ICANN Compliance to deal with.

Its registrar arm, Netherlands-based OpenTLD, has been hit with a lengthy ICANN breach notice that alleges the company failed to allow its customers to renew and/or transfer their domains, in violation of the registrar contract.

It’s the fifth time OpenTLD has been targeted by Compliance, following breach notices in 2020, 2017 and 2015 and a notice of suspension later in 2015. ICANN says this notice is for the same sorts of failures as in 2020 and 2017.

The latest notice covers a dozen separate cases, probably the largest number in a single breach notice to date. Some of them ICANN has been investigating as far back as January 2022.

The notice says that OpenTLD failed to allow some registrants of expired domains to recover their names under the Expired Registration Recovery Policy and that some registrants were not provided with the AuthInfo codes they need to transfer their domains to other registrars upon request, which registrars have to do under the Transfer Policy.

It goes on to describe a situation where the registrar habitually did not respond to Compliance’s calls, emails or faxes.

OpenTLD apparently has not filed its 2022 Compliance Certificate with ICANN either, which it was supposed to do before January 20 this year.

The company had almost 19,000 gTLD domain names under management at the end of May, down from a 2019 peak of almost 45,000, but it’s probably better known for being Freenom, the registry behind .ml, .ga, .cf, .gq and .tk.

Domains in these five ccTLDs — mostly representing West African nations suffering under military dictatorships or civil war — were offered for free and monetized by the registry upon expiration or suspension.

But Freenom has not offered new regs in these TLD since the start of the year. Its web site blames technical problems, but it’s widely believed to be a result of the cyberquatting lawsuit filed by Facebook owner Meta in late 2022.

Mali and Gabon, of .ml and .ga, have since severed ties with Freenom. It turned out .ga had seven million domains in its zone, most of which presumably belonged to the registry.

OpenTLD has until October 11 to give ICANN evidence that it followed policy with the renewals or transfers of dozens of names domains or risk losing its accreditation.

Freenom is losing another ccTLD after collecting military emails

Controversial free domains provider is reportedly losing its contract to manage Mali’s ccTLD, its second loss in as many months.

The Financial Times quoted Freenom CEO Joost Zuurbier as saying a 10-year-deal with Mali’s government to run .ml was due to expire yesterday. I reported last month that the deal looked like it was ending.

Gabon has also cancelled its contract with Freenom, saying it was bringing the country into disrepute due to the high levels of spam and abuse associated with .ga domains.

And now it seems that along with running a stable of spam-friendly ccTLDs for a decade, Freenom has also vacuumed up over a hundred thousand emails destined for the US military, which uses the highly restricted .mil TLD.

Zuurbier told the FT that he set up email accounts at navy.ml and army.ml domains shortly after taking over .ml in 2013, and quickly started receiving emails intended for American military personnel, before shutting the accounts down.

While he said nothing was marked confidential, the extensive list of documents he reportedly received, according to the FT, appears to frequently include things you wouldn’t want your enemy to read, such as medical data and financial records.

Now that .ml is reverting to Mali government control, there’s a risk this kind of information could fall into enemy hands, the FT reported. Mali is allied to Russia, which at this point in history is no friend of the US.

Zuurbier said he’s been pestering the US government and military for the last 10 years to get them to do something about the problem. The military told the FT it blocks outgoing emails to .ml domains from its own network. There’s presumably little it can do about emails sent from other domains.

Freenom got its ICANN registrar accreditation suspended in 2015 for cybersquatting its competitors. The company is also being sued for cybersquatting by Facebook owner Meta.

It’s not been possible to register new domains in any of the company’s ccTLD since last year.

Emoji domains get a 😟 after broad study

Kevin Murphy, October 28, 2019, Domain Tech

Domain names containing emojis are a security risk and not recommended, according to a pretty comprehensive review by an ICANN study group.
The Country-Code Names Supporting Organization has delivered the results of its 12-person, 18-month Emoji Study Group, which was tasked with looking into the problems emoji domains can cause, review current policy, and talk to ccTLD registries that currently permit emoji domains.
The ESG didn’t have a lot of power, and its recommendations are basically an exercise in can-kicking, but it’s easily the most comprehensive overview of the issues surrounding emoji domains that I’ve ever come across.
It’s 30 pages long, and you can read it here (pdf).
Emojis are currently banned in gTLDs, where ICANN has to approve new Unicode tables before they can be used by registries at the second level, under its internationalized domain name policy, IDNA 2008.
But ccTLDs, which are not contracted with ICANN, have a lot more flexibility. There are 15 ccTLDs — almost all representing small islands or low-penetration African nations — that currently permit emoji domains, the ESG found.
That’s about 6% of Latin-script ccTLDs out there today. These TLDs are .az, .cf, .fm, .je, .ga, .ge, .gg, .gq, .ml, .st, .to, .tk, .uz, .vu, and .ws.
Five of them, including .tk, are run by notorious freebie registry Freenom, but perhaps the best-known is .ws, where major brands such as Budweiser and Coca-Cola have run marketing campaigns in the past.
The main problem with emojis is the potential for confusing similarity, and the ESG report does a pretty good job of enumerating the ways confusability can arise. Take its comparison of multiple applications’ version of the exact same “grinning face” emoji, for example:
Emoji comparison
If you saw a domain containing one of those in marketing on one platform, would you be able to confidently navigate to the site on another? I doubt I would.
There’s also variations in how registrars handle emojis on their storefronts, the report found. On some you can search with an emoji, on others you’ll need to type out the xn-- prefixed Punycode translation longhand.
In terms of recommendations, the ESG basically just asked ICANN to keep an eye on the situation, to come to a better definition of what an emoji actually is, and to reach out for information to the ccTLDs accepting emojis, which apparently haven’t been keen on opening up so far.
Despite the lack of closure, it’s a pretty good read if you’re interested in this kind of thing.

Mali’s domain could change hands next week

Kevin Murphy, February 22, 2013, Domain Registries

ICANN’s board of directors will next week vote on whether to redelegate .ml, the country-code top-level domain for the war-torn nation of Mali, to a new registry operator.
The ccTLD is currently delegated to Societe des Telecommunications du Mali (Sotelma), a publicly traded telecommunications provider, but it’s not currently possible to register a .ml domain.
The reasons for a redelegation are never publicized by ICANN until after they are approved, when IANA publishes a redelegation report, so it’s not yet clear what’s going on this case.
Mali has been hitting headlines in Europe recently due to the French involvement in government efforts to retake the northern parts of the country from Islamist rebels.
Following the outbreak of hostilities a year ago, in March 2012 the Malian government was overthrown in a coup d’état that was widely condemned by the international community.
Following sanctions the military quickly ceded power to an interim president, who continues in the role today ahead of elections to find a more permanent successor, scheduled for July.
France, supported by allies including the UK, moved in to help Mali retake the north last month.
Sotelma is based in the capital, Bamako, which is not held by rebels.
The redelegation of .ml is on the main agenda — rather than the consent agenda, which is usually the case for redelegations — for ICANN’s board meeting next Thursday.