Latest news of the domain name industry

Recent Posts

ICANN throws out prostitution complaint

Kevin Murphy, August 30, 2022, Domain Policy

ICANN has rejected a complaint from a man about a web site apparently offering prostitution services.

As I reported last month, the American had filed a Request for Reconsideration with ICANN’s board of directors after his complaints to Compliance about Namecheap were rejected.

He’s unhappy that US-based Namecheap won’t take down the domain adultsearch.com, which operates as a marketplace for sex workers, many of whom are offering services that may well be illegal in most parts of the US.

But ICANN’s Board Governance Committee rejected the complaint (pdf) for lack of standing.

While the ruling is procedural, rather than substantive, the BGC does spend quite a lot of time tying itself in knots to show that while the complainant may well believe prostitution is harmful to society in general, he failed to state how he, specifically, had been harmed.

The decision also directly references the part of the request the requester has specifically asked to be redacted (but was not).

ICANN says higher domain prices may be in the public interest

Kevin Murphy, March 24, 2022, Domain Policy

ICANN is trying to get an arbitration case covering the removal of price caps in .org, .biz and .info thrown out because it is registrants, not registrars, that are left shouldering the burden of higher prices.

The argument came in January filings, published this week, in the two-year-old Independent Review Process case being pursued by Namecheap, which is trying to get price caps reinstated on the three gTLDs.

ICANN’s lawyers are saying that the case should be thrown out because Namecheap lacks standing — IRP claimants have to show they are being harmed or are likely to be harmed by ICANN’s actions.

According to ICANN, Namecheap is not being harmed by uncapped domain prices, only its customers are, so the case should be dismissed.

Drawing heavily on an analysis commissioned by ICANN from economist Dennis Carlton, ICANN’s latest IRP submission (pdf) reads:

rational economic theory predicts that if wholesale registry prices increased, Namecheap would pass on any price increases to its customers. Namecheap is one of nearly 2,500 ICANN-accredited registrars that offer domain names to registrants, and one of hundreds of ICANN-accredited registrars that offer domain names specifically in .BIZ, .INFO, and .ORG. Namecheap thus competes against many other registrars that have exactly the same access to same registries, such as .BIZ, .INFO, and .ORG,as does Namecheap, which all pay the same wholesale price for these registry input…

Given the hundreds of registrar competitors (each facing the same registry prices from the .BIZ, .INFO, and .ORG registry operators), economic theory predicts that Namecheap and other such registrars do not have significant market power. Without market power, registrars like Namecheap do not earn supra-competitive margins and cannot absorb higher input costs. As a result, economic theory, as well as common sense, predicts that Namecheap and other competing registrars must pass on higher registry wholesale prices by raising prices to registrants, with little or no resulting harm to Namecheap.

The filing goes on the suggest that higher prices might actually be in the public interest, because ICANN lacks the expertise to set price caps at an appropriate level.

the likely harms of price regulation in these three gTLDs outweigh the likely benefits of price controls. ICANN lacks the expertise to set optimal prices. Without such expertise, the danger is that ICANN could set the wrong price — one that impairs efficient market outcomes — which would ultimately harm registrants rather than protect them…

In short, Namecheap cannot demonstrate that the public interest required ICANN to maintain price control provisions in the .BIZ, .INFO, and .ORG Registry Agreements, especially given that the majority of evidence they cite either pertains to a drastically different DNS or pertains to potential harm to registrants, not registrars.

Interestingly, in almost the same breath, the filing argues that the price of .com domains, which is capped per Verisign’s agreements with ICANN and the US government, acts as an effective deterrent to runaway price increases in other gTLDs.

With its popularity, and relatively-low, regulated price, .COM acts as a check on any registry, including .BIZ, .INFO, and .ORG, that seeks to increase prices above competitive levels.

So, regulating .com prices is good because it indirectly acts as a restraint on other registries’ prices, but regulating those other registries’ prices is bad because ICANN lacks the expertise to regulate prices.

And anyway, it’s only the registrants who get harmed if prices go up.

Got it?

.org price caps: ICANN chair denies “secret” meetings

Kevin Murphy, March 24, 2022, Domain Policy

ICANN chair Maarten Botterman has denied that the board of directors approved the removal of price caps in .org, .biz and .info in “secret” meetings in 2019.

In written testimony (pdf) recently filed as part of Namecheap’s two-year-old Independent Review Process proceeding, Botterman scoffed at the idea that ICANN secretly gave the nod to the removal of price caps in 2019:

I understand that Namecheap is claiming that the Board acted in secret when deciding to go forward with the 2019 Registry Agreements. Nothing about the Board’s conduct occurred in secret. The Board did not convene a “secret” annual, regular, or special Board meeting and did not make any “secret” formal decisions or “secret” resolutions. Instead, the Board was briefed by ICANN staff regarding contract renewals that were well within their delegated authority to negotiate and execute.

Namecheap is claiming in its IRP that ICANN broke its bylaws when it renewed the .org, .info and .biz contracts without the historical price caps that all three had in place for the better part of 20 years.

It wants those decisions annulled, potentially enabling the reinstatement of the caps.

Part of its case is that ICANN failed in its transparency obligations, with Namecheap saying that the decision to remove caps was “entirely opaque” and made with “no analysis whatsoever”.

The .info, .org and .biz contracts were renewed without the ICANN board making a formal resolution or discussing them during a session that was being recorded and minuted.

Botterman, along with declarations from with fellow director Becky Burr and VP Russ Weinstein and outside lawyers’ filings, says that the extent of the board’s involvement was two briefings that occurred at workshops in January and June 2019.

ICANN staff explained to the board why it intended to go ahead with signing the cap-free contracts, and the board “saw no reason to intervene”, Botterman wrote. Staff have delegated authority to deal with contract stuff, he said.

Now, it could be argued that these meetings were not “secret” as such — ICANN board workshops are a standard event, happening in the few days leading up to each of ICANN’s thrice-yearly public meetings.

ICANN’s chair (then Cherine Chalaby) even blogs about them, posting a rough agenda beforehand and a summary of discussions a few weeks later.

In the case of the January 2019 pre-workshop post, there’s no mention whatsoever of any contract renewals. Nor is there in the post-workshop summary.

The June 2019 post-workshop post fails to mention the fact that the board had essentially given the nod to the lifting of caps at that meeting.

The pre-workshop post makes a passing, blink-and-you’ll-miss-it reference to “Göran will update the Board on the renewal of some registry agreements”, which substantially played down what was actually going on.

At that time, ICANN was well-aware that there was huge public interest in at least the .org renewal, where over 3,300 comments had been submitted, mostly objecting to the removal of price caps.

It’s possible that the first time ICANN disclosed that the discussions had even taken place was when a spokesperson told me how the .org decision was made, in July that year.

You don’t have to be a conspiracy theorist to wonder why ICANN pretty much skimmed over the whole issue in its public disclosures, even though it was the hottest topic in town at the time.

Even now, Botterman and Burr are both invoking attorney-client privilege to limit their testimony about what happened at these two workshops.

You don’t have to think anything untoward was going on to ask whether this is all paints a picture of ICANN acting “to the maximum extent feasible in an open and transparent manner”, as its bylaws requires.

Botterman says in his declaration:

The Bylaws are clear that ICANN must “operate to the maximum extent feasible in an open and transparent manner.” But I have never understood this Bylaws provision to require that every time the Board needs to get work done, or every time the Board receives a briefing from ICANN staff on a specific topic, it must do so in public or at a annual, regular or special Board meeting. Nor would such a requirement be feasible.

Namecheap offers free services to Russian dissidents

Namecheap will offer “free anonymous domain registration and free web hosting” to anti-war protest web sites based in Russia or Belarus.

The registrar said in a statement today that the move is in response to imprisoned Russian opposition leader Alexei Navalny’s call for war protests in Russia.

The offer modifies the company’s hard-line position from earlier in the week, in which it banned Russians altogether from its services and gave registrants there a week to get out.

Namecheap’s English-language customer service is based in Ukraine, including in cities under heavy bombardment this week.

Russians interested in the free hosting offer are asked to contact customer service for details.

Namecheap boss goes nuclear on Russian customers

Namecheap has banned all Russians from its services in a comprehensive, surprising, and unprecedented expression of solidarity with Ukraine, the invaded country where most of its support staff are based.

CEO Richard Kirkendall said yesterday that Namecheap, which has over 14 million domains under management, “will no longer be providing services to users registered in Russia”, in an email to Russian customers.

Namecheap says it has over 1,000 employees in Ukraine.

It uses a company there called Zone3000 for its English-language customer support, from three locations across the country, mostly in Kharkiv, one of the cities that has been particularly affected by the Russian invasion over the last five days.

Kirkendall has given Russian customers until March 6, one week from the time of the email, to move to another registrar.

The email was posted online, and I’ve confirmed with Namecheap that it’s accurate. Kirkendall said:

Unfortunately, due to the Russian regime’s war crimes and human rights violations in Ukraine, we will no longer be providing services to users registered in Russia. While we sympathize that this war may not affect your own views or opinion on the matter, the fact is, your authoritarian government is committing human rights abuses and engaging in war crimes so this is a policy decision we have made and will stand by.

If you hold any top-level domains with us, we ask that you transfer them to another provider by March 6, 2022.

I’m told the words “any top-level domains” just means ‘any domains in any TLDs’.

Kirkendall went on to say that anyone using Russian and Belarusian ccTLDs — .ru, .xn--p1ai (.рф), .by, .xn--90ais (.бел), and .su — will no longer be able to use Namecheap’s email or hosting services.

After some negative replies, accusing Namecheap of going too far, Kirkendall wrote:

We haven’t blocked the domains, we are asking people to move. There are plenty of other choices out there when it comes to infrastructure services so this isn’t “deplatforming”. I sympathize with people that are not pro regime but ultimately even those tax dollars they may generate go to the regime. We have people on the ground in Ukraine being bombarded now non stop. I cannot with good conscience continue to support the Russian regime in any way, shape or form. People that are getting angry need to point that at the cause, their own government. If more grace time is necessary for some to move, we will provide it. Free speech is one thing but this decision is more about a government that is committing war crimes against innocent people that we want nothing to do with.

It’s by some way the strongest stance anyone in the domain industry has yet taken on the war in Ukraine.

Namecheap intends to issue a formal statement outlining its position later today.

ICANN takes the lamest swipe at Namecheap et al over blockchain domains

Kevin Murphy, November 24, 2021, Domain Tech

ICANN has come out swinging against blockchain domains and the registrars that sell them. And by “come out” I mean it’s published a blog post. And by “swinging” I mean “offered the weakest criticism imaginable”.

The post starts off well enough, observing that services marketed as “domain names” that are not automatically compatible with the global DNS are probably not a great purchase, because they don’t work like regular domains.

Using these alternatives requires something like a browser plug-in or to reconfigure your device to use a specialist DNS resolver network, the post notes, before concluding with a brief caveat emptor message.

All good stuff. ICANN has been opposed to alt-root domain efforts for at least 20 years, and the policy is even enshrined in so-called ICP-3, which nobody really talks about any more but appears to still be the law of ICANN Land.

So, which domain-alternatives is ICANN referring to here, and which registrars are selling them? The post states:

Name resolution systems outside the DNS have existed for a long time. One could mention the Sun Microsystem Network Information Service (NIS), the Digital Object Architecture (DOA), or even the Ethereum Name Service (ENS)…

With some ICANN-accredited registrars now selling NIS, DOA, or other similar domains alongside standard domain names, the potential for confusion among unsuspecting customers seems high.

You may be asking: what the heck (or, if you’re like me, fuck) are NIS and DOA domains, and which registrars are selling them?

Great questions.

NIS is an authentication protocol (a bit like LDAP) for Unix networks developed in 1985 (the same year the original DNS standard was finalized) by Sun Microsystems, a company that hasn’t existed in over a decade.

To the best of my knowledge they’ve never been marketed as an alternative to regular domain names. Nobody’s ever used them to address a publicly available web site. Nobody sells them.

DOA, also known as the Handle System, is a more recent idea, first implemented in 1994, before some of you were born. Handles are mostly numeric strings used to address digital objects such as documents. Libraries use them.

The main thing to know about Handles for the purposes of this article is that they’re specifically designed to convey no semantic information whatsoever. They’re not designed to look like domain names and they’re not used that way.

So how many registrars are selling NIS/DOA domains? I haven’t checked them all, but I’m going to go out on a pretty sturdy limb and guess the answer is “none”, which is a lot less than the “some” that ICANN asserts.

But ICANN also mentions the Ethereum Name Service, a much newer and sexier way of cybersquatting, based on the Ethereum cryptocurrency blockchain.

ENS allows people to buy .eth domain names (which do not function in the consensus DNS) for the Ethereum equivalent of about $5. As far as I can tell, you can only buy them through ens.domains, and no ICANN-accredited registrar is functionally capable of selling them.

The ICANN post also contains a brief mention of “Handshake”, and this appears to be what ICANN is actually worried about.

Handshake domains, also known as HNS, look like regular domain names and a handful of ICANN-accredited registrars are actually selling them.

Handshake is also based on blockchain technology, but unlike ENS it also allows people to create their own TLDs (which, again, do not function without special adaptations). Registrars including Namecheap, 101domain and EnCirca sell them.

It’s Namecheap’s storefront hover text, warning that HNS domains don’t work in the regular DNS, that ICANN appears to be paraphrasing in its blog post.

The registrar has a lengthy support article explaining some of the ways you can try to make a Handshake domain work, including an interactive comment thread in which a Namecheap employee suggests that DNS resolvers may choose to resolve HNS TLDs instead of conflicting TLDs that ICANN approves in future.

That’s the kind of thing that should worry ICANN, but it’s got a funny way of expressing that concern. Sun Microsystems? Digital Object Architecture? What’s the message here?

Twenty years ago, I interviewed an ICANN bigwig about New.net, one of the companies attempting to sell alt-root domains at the time. He told me bluntly the company was “breaking the internet” and “selling snake oil”, earning ICANN a snotty lawyer’s letter.

Today’s ICANN post was ostensibly authored by principal technologist Alain Durand, but I’m going to give him the benefit of the doubt and assume comms and legal took their knives to it before it was published.

While some things haven’t changed in the last two decades, others have.

.com and NameSilo fingered as “most-abused” after numbers rocket

SpamHaus has revealed the most-abused TLDs and registrars in its second-quarter report on botnets.

The data shows huge growth in abuse at Verisign’s .com and the fast-growing NameSilo, which overtook Namecheap to top the registrar list for the first time.

Botnet command-and-control domains using .com grew by 166%, from 1,549 to 4,113, during the quarter, SpamHaus said.

At number two, .xyz saw 739 C&C domains, up 114%.

In the registrar league table, NameSilo topped the list for the first time, unseating Namecheap for the first time in years.

NameSilo had 1,797 C&C domains on its books, an “enormous” 594% increase. Namecheap’s number was 955 domains, up 52%.

Botnets are one type of “DNS abuse” that even registrars agree should be acted on at the registrar level.

The most-abused lists and lots of other botnet-related data can be found here.

Price caps on .org could return, panel rules

Kevin Murphy, April 27, 2021, Domain Policy

ICANN could be forced to reimpose price caps on .org, .biz and .info domains, an Independent Review Process panel has ruled.

The panel handling the IRP case filed by Namecheap against ICANN in February 2020 has decided to allow the registrar to continue to pursue its claims that ICANN broke its own bylaws by removing price controls from the three gTLD contracts.

Conversely, in a win for ICANN, the panel also threw out Namecheap’s demand that the IRP scrutinize ICANN’s conduct during the attempted takeover of .org’s Public Interest Registry by Ethos Capital in 2019.

The split ruling (pdf) on ICANN’s motion to dismiss Namecheap’s case came March 10 and was revealed in documents recently published by ICANN. The case will now proceed on the pricing issue alone.

The three-person panel decided that the fact that ICANN ultimately decided to block Ethos’ acquisition of PIR meant that Namecheap lacked sufficient standing to pursue that element of its case.

Namecheap had argued that ICANN’s opaque processing of PIR’s change of control request created uncertainty that harmed its business, because ICANN may approve such a request in future.

But the panel said it would not prejudge such an eventuality, saying that if another change of control is approved by ICANN in future, Namecheap is welcome to file another IRP complaint at that time.

“Harm or injury flowing from possible future violations by the ICANN Board regarding change of control requests that are not presently pending and that may never occur does not confer standing,” the panel wrote.

On the pricing issue, the panel disagreed with ICANN’s argument that Namecheap has not yet been harmed by a lack of .org price caps because PIR has not yet raised its .org prices.

It said that increased prices in future are a “natural and expected consequence” of the lack of price controls, and that to force Namecheap to wait for such increases to occur before filing an IRP would leave it open to falling foul of the 12-month statute of limitations following ICANN decision-making baked into the IRP rules.

As such, it’s letting those claims go ahead. The panel wrote:

This matter will proceed to consideration of Namecheap’s request for a declaration that ICANN must annul the decision that removed price caps in the .org, .info and .biz registry agreements. The Panel will also consider Namecheap’s request for a declaration that ICANN must ensure that price caps from legacy gTLDs can only be removed following policy development process that takes due account of the interests of the Internet user and with the involvement of different stakeholders. The Panel will consider Namecheap’s request for a declaration that “registry fees… remain as low as feasible consistet with the maintenance of good quality service” within the context of removal of price caps (not in the context of regulating changes of control).

In other words, if Namecheap prevails, future price caps for pre-2012 gTLDs could be decided by the ICANN community, with an assumption that they should remain as low as possible.

That would be bad news for PIR, as well as .info registry Donuts and .biz registry GoDaddy.

But it’s important to note that the IRP panel has not ruled that ICANN has done anything wrong, nor that Namecheap is likely to win its case — the March 10 ruling purely assesses Namecheap’s standing to pursue the IRP.

The panel has also significantly extended the proposed timeline for the case being resolved. There now won’t be a final decision until 2022 at the earliest.

The panel last week delayed its final hearing in the case from August this year to January next year, according to a document published this week.

Other deadlines in the case have also been pushed backed weeks or months.

Facebook gunning for Web.com in latest $27 million-plus cybersquatting lawsuit

Kevin Murphy, April 16, 2021, Domain Registrars

Facebook has sued what it believes is a Web.com subsidiary, claiming the company has been engaged in wholesale cybersquatting for well over a decade.

The complaint, filed in a Pennsylvania District Court, alleges that New Venture Services Corp current owns 74 domains, and has previously owned 204 more, that infringe its Facebook, Instagram and WhatsApp trademarks.

While no other named defendants are listed, the complaint makes it abundantly clear that it believes NVSC is a subsidiary of Web.com and a sister of Network Solutions, Register.com, SnapNames and Perfect Privacy.

Facebook is suing partly under the Anti-Cybersquatting Consumer Protection Act, allowing it to claim $100,000 damages per infringing domain, so we’re looking at a floor of $27.8 million of potential damages should the lawsuit be successful.

But it’s also looking for NVSC to hand over any profits it’s made from the domains in question, which are generally parked with ads and listed for sale via the SnapNames network for premium fees.

While NVSC is registered in the British Virgin Islands and uses a Pennsylvania post office box as its mailing address, there’s a wealth of evidence going back to 2007 that it’s been affiliated first with NetSol and then Web.com.

Web.com’s last regulatory filing before it went private in 2017 lists NVSC as a subsidiary, which is probably the most compelling piece of evidence establishing ownership.

It appears that NVSC is a shell company that Web.com uses to hold potentially valuable or traffic-rich domains that its customers have allowed to expire. The names are then parked and put up for resale.

Example domains listed in the complaint include httpinstagram.com, faceebbok.com, facebooc.net, instagram-login.com, and installwhatsapps.com.

One would have to assume these names were captured using a fully automated process; even a cursory human review would clock that they’re useful only to bad actors.

The lawsuit is the latest in Facebook’s crusade against mainstream registrars it believes are profiting by infringing its trademarks, which has already ensnared Namecheap a year ago and OnlineNIC in October 2019.

Namecheap recently filed a counterclaim in which it tries to get some of Facebook’s trademarks cancelled.

Facebook has all but admitted that putting legal pressure on registrars is part of its strategy when it comes to getting the policies it wants out of ICANN on privacy and Whois access, where there’s currently an impasse.

Here’s the complaint (pdf).

Nominet members wail as ousted director made CEO

Nominet has been accused of being “tone deaf” to its members’ criticisms after it appointed two staffers to its board of directors and named a recently ousted director as interim CEO.

The .uk registry told members last week that Eleanor Bradley will occupy the corner office “for approximately 6 months” while a permanent replacement for Russel Haworth is sought.

Haworth quit last month rather than face the wrath of members at an Extraordinary General Meeting that shortly thereafter voted to remove Bradley and three other directors from the board.

Bradley has been with the company for many years and was head of registry at Nominet, and seems like an obvious pick for an internal appointment, but members took to social media to express their displeasure.

The EGM was held after a campaign to round up the votes at PublicBenefit.uk, organized by Simon Blackler of Krystal Hosting. Members had hoped to install Sir Michael Lyons and Axel Pawlik on the board as chair and deputy chair.

But Nominet said that its bylaws would not allow directors to be selected this way, and there was no vote on that motion.

Instead, after the vote, relatively new director Rob Binns has taken the acting chair’s job and CIO Adam Leach and company secretary Rory Kelly joined the board from staff.

Binns informed the members of the appointments in a letter March 31 (pdf), which also said that Pawlik has been offered a consulting gig but had declined.

While eating a generous slice of humble pie, assuring members that the EGM was “an opportunity to reset and begin rebuilding the relationship between membership and Nominet”, the plan for the company he outlined was not a million miles away from the plan Nominet had put forward to address members’ concerns under its previous management.

Crucially, Nominet is still backing its non-core security business, which many members believe is an unnecessary diversification that diverted focus from the registry and profits from public benefit causes.

Binns said: “We believe those capabilities are integral to the public benefit we provide, so we want to develop a refreshed structure that protects that capability while addressing members’ desire for Nominet to focus more on its core activities.”

He also backed plans for a Registry Advisory Council, which would have seats for members, and said Nominet will bring back its web-based member discussion forum, which was closed down last year.

His letter contains no mention of reducing prices, one of the five big asks the PublicBenefit.uk campaign made.

Most of the social media reaction to Binns’ letter was negative. Notably, Richard Kirkendall, CEO of Namecheap, one of the largest registrars to publicly expressed its support for the campaign, tweeted:

Others had similar points of view, and some speculated that a second EGM may be required to set Nominet on the path the majority of its members appear to want.