Donuts rolls out free phishing attack protection for all registrants

Donuts is offering registrants of domains in its suite of new gTLDs free protection from homograph-based phishing attacks.

These are the attacks where a a bad guy registers a domain name visually similar or identical to an existing domain, with one or more characters replaced with an identical character in a different script.

An example would be xn--ggle-0nda.com, which can display in browser address bars as “gοοgle.com”, despite having two Cyrillic characters that look like the letter O.

These domains are then used in phishing attacks, with bad actors attempting to farm passwords from unsuspecting victims.

Under Donuts’ new service, called TrueNames, such homographs would be blocked at the registry level at point of sale at no extra cost.

Donuts said earlier this year that it intended to apply this technology to all current and future registrations across its 250-odd TLDs.

The company has been testing the system at its registrar, Name.com, and reckons the TrueNames branding in the shopping cart can lead to increased conversions and bigger sales of add-on services.

It now wants other registrars to sign up to the offering.

It’s not Donuts’ first foray into this space. Its trademark-protection service, Domain Protected Marks List, which has about 3,500 brands in it, has had homograph protection for a few years.

But now it appears it will be free for all customers, not just deep-pocketed defensive registrants.

Amazon finally gets its dot-brands despite last-minute government plea

Amazon’s three long-sought dot-brand gTLDs were added to the DNS root last night, despite an eleventh-hour attempt by South American governments to drag the company back to the negotiating table.

.amazon, along with the Japanese and Chinese translations — .アマゾン (.xn--cckwcxetd) and .亚马逊 (.xn--jlq480n2rg) — and its NIC sites have already gone live.

Visiting nic.amazon today will present you with a brief corporate blurb and a link to Amazon’s saccharine social-responsibility blog. As a dot-brand, only Amazon will be allowed to use .amazon domains.

The delegations come despite a last-minute plea to ICANN by the eight-government Amazon Cooperation Treaty Organization, which unsuccessfully tried to insert itself into the role of “joint manager” of the gTLDs.

ACTO believes its historical cultural right to the string outweighs the e-commerce giant’s trademark, and that its should have a more or less equal role in the gTLD’s management.

This position was untenable to Amazon, which countered with a collection of safeguards protecting culturally sensitive strings and various other baubles.

Talks fell through last year and ICANN approved the gTLDs over ACTO’s objections.

ACTO’s secretary-general, Alexandra Moreira, wrote to ICANN (pdf) May 21 to take one last stab at getting Amazon back in talks, telling CEO Göran Marby:

the name “Amazon” pertains to a geographical region constituting an integral part of the heritage of its countries. Therefore, we Amazonians have the right to participate in the governance of the “.amazon” TLD.

…

Our side is ready to resume negotiations on the TLD’s governance with the Amazon Corporation., from the point where their side interrupted it, with a view to arriving at a satisfactory agreement.

Her letter came in response to an earlier Marby missive (pdf) that extensively set out ICANN’s case that talks fell apart due to ACTO repeatedly postponing and cancelling scheduled meetings.

Despite the fact that Amazon’s basically got what it wanted, seven years after filing its gTLD applications, ACTO’s members didn’t get nothing.

The contracts Amazon signed with ICANN back in December have Public Interest Commitments in them that allow the governments to reserve up to 1,500 culturally sensitive strings from registration, as well as giving each nation its own .amazon domain.

CSC removes reference to “retiring” new gTLD domain after retiring new gTLD domain

The corporate registrar and new gTLD management consultant CSC Global has ditched a new gTLD domain in favor of a .com, but edited its announcement after the poor optics became clear.

In a brief blog post this week, the company wrote:

We’re retiring cscdigitalbrand.services to give you a more user-friendly interface at cscdbs.com.

From the trusted provider of choice for Forbes Global 2000 companies, this more user-friendly site is filled with information you need to secure and protect your brand. You’ll experience a brand new look and feel, at-a-glance facts and figures, learn about the latest digital threats, access our trusted resources, and see what our customers are saying.

Visit the site to learn more about our core solutions: domain management, domain security, and brand and fraud protection.

But the current version of the post expunges the first paragraph, referring to the retirement of its .services domain, entirely.

I’m going to guess this happened after OnlineDomain reported the move.

But the original text is still in the blog’s cached RSS feed at Feedly.

It’s perhaps not surprising that CSC would not want to draw attention to the fact that it’s withdrawn to a .com from a .services, the gTLD managed by Donuts.

After all, CSC manages dozens of new gTLDs for clients including Apple, Yahoo and Home Depot, and releases quarterly reports tracking and encouraging activation of dot-brands.

Interestingly, and I’m veering a little off-topic here, there is a .csc new gTLD but CSC does not own it. It was delegated to a company called Computer Sciences Corporation (ironically through an application managed by CSC rival MarkMonitor) which also owns csc.com.

Computer Sciences Corporation never really got around to using .csc, and in 2017 merged with a unit of HP to form DXC Technology.

If you visit nic.csc today, you’ll be redirected to dxc.technology/nic, which bears a notice that it’s the “registry for the .dxc top-level domain”.

Given that the .dxc top-level domain doesn’t actually exist, I think this might make DXC the first company to openly declare its intent to go after a dot-brand in the next round of new gTLDs.

Google launches .meet gTLD after Meet service goes free during lockdown

Google Registry is to launch its .meet gTLD next week with a sunrise period for trademark owners, but, perhaps controversially, it intends to keep the rest of the domains for itself.

It is expected that the company plans to use .meet domains in its Google Meet conferencing service, which was recently revamped and went free-to-use after Google realized that rival Zoom was eating its lunch during the coronavirus lockdown.

Google bought the .meet gTLD from Afilias back in 2015 but has kept it unused so far, even after the Meet service opened in 2017.

But according to ICANN records, it’s due to go into a one-month sunrise period from May 25, with an open-ended Trademark Claims period from June 25.

In a brief statement on its web site Google says:

Google Registry is launching the .meet TLD. This domain is Spec 9/ROCC exempt, which means we will be the registrant for all domains on the TLD and it will not be made generally available. The RRA for the TLD is available upon request, but registrations on behalf of the registry will be processed through a small number of registrars with whom the relevant product teams at Google work.

Translated from ICANN-speak, this means that Google has an exemption from Specification 9 in its .meet registry contract, releasing it from the Registry Operator Code of Conduct, which obliges registries to treat all registrars equally.

This means Google can’t sell the domains to anyone else, nor can it allow them to be controlled by anyone else, and it can use a limited pool of registrars to register names.

Spec 9 is a bit different to Spec 13, which exempts dot-brands from ICANN trademark-protection rules such as sunrise and Trademark Claims. You could argue that Spec 9 is “dot-brand lite”.

But what both Spec 9 and Spec 13 have in common is that they can’t be used in gTLDs ICANN considers a “generic string”, which is defined as:

a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others.

Does .meet qualify there? It’s undoubtedly a dictionary word, but does it also describe a class of things? Maybe.

Google’s search engine itself gives one definition of “meet” as “an organized event at which a number of races or other athletic contests are held”, which one could reasonably argue is a class of services.

When Afilias applied for .meet in 2012, it expected it to be used by dating sites.

Google did not addresses the non-genericness of the string in its Spec 9 application. That judgement appears to have been made by ICANN alone.

Previously, requests for Spec 9 exemptions from the likes of .giving, .star, .analytics, .latino, .mutual, and .channel have been rejected or withdrawn.

It seems that Spec 9 exemption is going to somewhat limit .meet’s utility, given that third-parties will not be able to get “control or use of any registrations”.

Domain industry likely to suffer from coronavirus as ICANN slashes budget by 8%

ICANN is predicting a miserable time for the domain name industry due to the coronavirus pandemic, today announcing that it’s slashing its revenue outlook for the next year by 8%.

The organization expects to receive revenue of $129.3 million for the fiscal year beginning July 1. That’s $11.1 million lower than its previous estimate, which was made in December.

ICANN’s budget is based on projections based on previous industry performance and its accountants’ conversations with registries and registrars, so this is another way of saying that it expects the industry to suffer due to the pandemic.

ICANN said in its newly revised budget:

ICANN org funding may be impacted because the economic crisis stemming from the pandemic has the potential to impact the funding from domain name registrations and contracted parties through the end of FY20 and into the first months of FY21. ICANN org also anticipates there may be long-lasting effects of such impacts. At the time this document is published, the impact cannot yet be quantified.

The drill-down is not great, showing that ICANN expects registries and registrars in both legacy and new gTLDs to be hit.

New gTLDs are predicted to be hit hardest, with revenue from registry transaction fees dropping by a full 33% from its FY20 forecast. That’s a drop from $6.7 million to $4.5 million.

Extrapolating from its $0.25 registry fee, that means ICANN thinks there will be 8.8 million fewer billable transactions — registrations, renewals and transfers in new gTLDs with over 50,000 names — for the year ending June 30, 2021.

Expected revenue from registrars selling new gTLDs has also been slashed by a third, down from $5.3 million this year to $3.5 million next year.

Legacy gTLDs are expected to fare a little better.

ICANN predicts transaction revenue from legacy gTLDs to decrease over the period, down to $47.7 million in FY21 from $49 million in FY20. Registrars selling legacy gTLDs are expected to bring in revenue of $29.7 million, down from $33.3 million.

That also represents shrinkage measured in the millions of domains.

It gets worse. ICANN is also expecting the number of registries and registrars to decrease even faster over the course of the next year.

It thinks it will end June with 1,174 fee-paying registries, but for this to decrease by 62 in FY21. It decreased by 29 in FY20. Many of these will probably be unused dot-brands having their contracts cancelled.

On the registrar side, it expects to lose 380 accreditations in FY21, compared to a loss of 104 this fiscal year, to end FY21 with 1,977 registrars.

ICANN does not expect its voluntary contributions from ccTLDs and Regional Internet Registries to decrease, but it does expect to lose a few hundred thousand bucks from the absence of sponsorship of its in-person meetings.

This overall predicted decrease in funding has led to a matching decrease in planned expenditure, with ICANN saying it will operate with “increased prudence, frugality, and with heightened conditions of necessity”.

It’s going to save 20% less on travel — $12.4 million — due to coronavirus-related restrictions, but seems to still be planning to take the industry to Hamburg in October for ICANN 69 (even though Munich has cancelled Oktoberfest this year).

ICANN also plans to delay some projects and to reduce its average headcount by 15 to 395.

The lower budget projections come even as some registries —including CentralNic, which looks after some very large new gTLDs — have said they expect the financial impact of coronavirus to be minimal.

The revised budget is published here and ICANN’s board may approve it as early as next week.

Four more dot-brands join the gTLD deadpool

Four big-brand gTLDs have asked ICANN to terminate their contracts so far this year, bringing the total number of voluntarily discontinued strings to 73.

Notable among the terminations are two of the three remaining gTLDs being held by luxury goods maker Richemont, both of them Chinese-language generics.

It’s dumped .珠宝 (.xn--pbt977c) which is “.jewelry”, and .手表 (.xn--kpu716f) which is “.watches”.

The company, which applied for 14 gTLDs in the 2012 round, has already gotten rid of nine dot-brands. Only the English-language .watches remains of its former portfolio.

Also being terminated is .esurance, named for an American insurance provider owned by Allstate. This appears to be related to Allstate’s plan to discontinue the Esurance brand altogether this year.

There is still one .esurance domain active and listed in Google’s index: homeowners.esurance.

Allstate continues to own .allstate, which has a few active domains (which forward to its primary .com domain).

Finally, French reinsurance giant SCOR wants rid of .scor, which it has not been using.

Not every coronavirus domain registrant is a douchebag

While there are plenty of domain registrants apparently trying to make a quick buck out of the coronavirus pandemic, I’ve managed to dig up several that appear to have less parasitical motives.
I spent some time today poking around gTLDs where one might reasonably expect to find coronavirus information, products or services. In each TLD, I looked up the second-level strings “coronavirus”, “covid-19” and “covid19”. I did not check any ccTLDs, IDNs or geographic gTLDs.
In the large majority of gTLD cases, the domain was parked, offered for sale, or displayed default web host information.
Some were being monetized in other ways, and at least one appears to be actively dangerous to public health.
These are the ones that don’t seem to be purely out to make a quick buck or get people killed:

• covid19.health — a web site, attributed to one Steven Liu, has been produced containing interactive data about the current state of worldwide infections, deaths and recoveries.
• coronavirus.live — redirects to the pandemic data page at the Center for Systems Science and Engineering at Johns Hopkins University, which resembles a scene from War Games (1983).
• covid19.news, covid-19.news, covid-19.live and covid19.live — all redirect to covid2020.com, a web site run by somebody going by “CovidDataGirl” that appears to be at the very least a serious attempt to build a web site containing actual information. It does, however, also solicit small “buy me a coffee” donations to support the site, so it might not be fully altruistic.
• covid-19.com — frames Chinese-languages news and data about the outbreak from two other web sites, as it has since day one. I can’t fully verify the sources are legit, but they appear to be at first glance.
• coronavirus.com — this has been registered since 2002 and reportedly belongs to GoDaddy following its recent acquisition of Frank Schilling’s portfolio. It bounces visitors to the World Health Organization’s coronavirus web page. GoDaddy didn’t really have any choice here — any appearance of an attempt to monetize would have been public relations suicide.
• coronavirus.app — more hard data overlaid onto a fairly slick world map.
• covid19.care and covid19.today — somebody is attempting or has attempted to make a useful web site here, but it’s either a work in progress or abandoned.
• covid19.consulting — bare-bones pandemic data.
• coronavirus.media — a news aggregator that looks like it was abandoned over a month ago.
• coronavirus.rehab — all the information is copy-pasted from sources such as WHO and Johns Hopkins, or fed in via open news APIs, but at least it’s therefore factual and there does not appear to be any overt attempt at monetization.
• covid-19.rehab — Russian news aggregator with no obvious monetization.
• coronavirus.horse — I had no particular reason to check this one out, other than I know the internet’s penchant for putting wacky stuff on .horse domains. To my surprise, it resolves, bouncing users to the nightmare fuel at the aforementioned Johns Hopkins site.

There were no registered domains in tightly restricted spaces such as .loan, .insurance and .pharmacy, as you might expect.
And now the bad news.
I found no clearly non-douchey uses in .blog, .doctor, .center, .clinic, .education, .equipment, .fit, .fitness, .flights, .healthcare, .hospital, .lawyer, .supplies, .supply, or .wiki. Just parking, sales and host default pages.
Sadly, coronavirus.science is being used by a bunch of irresponsible quacks to peddle dangerous pseudoscience.
I found one Spanish-language splog at coronavirus.consulting and an Amazon affiliate page selling hand sanitizer and face-masks at coronavirus.equipment.
One guy has registered one of the three strings in at least 10 different new gTLDs — including .deals, .host and .enterprises — each of which invites visitors to click on a link to the next in a never-ending cycle. None of the pages are monetized.
Somebody is attempting to make money selling merchandise featuring a cartoon cat in a face mask at coronavirus.shop and coronavirus.rocks. I have mixed feelings on this one, but I am a sucker for cats.
I was close to featuring the three .org domains in the “good” list above, as they actually present a great deal of content related to coronavirus, but they appear to belong to the same guy who’s currently arguing with Andrew Allemann on Domain Name Wire about whether it’s acceptable for domainers to profit from tragedy.
For the record, I agree with Allemann: serious domain investors should never attempt to exploit these kinds of crises for financial gain. Not coronavirus, not anything. It casts the entire profession in a terrible light and will probably harm domainers’ collective interests in the long run.
There’s a reason the Internet Commerce Association has a code of conduct banning such activity.
It’s a lot easier to ignore their complaints about, say, price increases in .com or .org, if you can easily characterize domainers as a bunch of ambulance-chasing assholes. Verisign has already done this and ICANN could well be next.

.gay hires pop star equality campaigner as spokesperson

Top Level Design has hired a pop musician with a history of gay rights activism and anti-bullying work as its new spokesperson for .gay, which launches today.
Logan Lynn has a 20-year career as a musician and TV presenter with nine studio albums under his belt. He also has experience doing public relations for LGBT charities.
He’s also been the recipient of homophobic trolling. Last year, he told People magazine about the relentless online abuse he suffered after putting his friend, Hollywood actor Jay Mohr, full-frontal nude in one of his music videos in 2018.
He wrote on Top Level Design’s blog over the weekend:

Over the past couple of years, as online abuse directed at me reached an all-time high, I realized I was in a unique position to use my platform and story to help usher in change. It’s this fight that has led to me partnering with Top Level Design on the launch of .gay.
…
We know that we will not be able to single-handedly turn the internet into a hate-free zone, but .gay is committed to doing our part, and we absolutely reject the status quo — which is to do nothing without a court order.

The registry, which kicks off its sunrise period today, has policies in place that allow it to suspend .gay domains if they’re being used for homophobic bullying. General availability begins May 20.

Hacking claims resurface as .hotel losers force ICANN to lawyer up again

The fight over .hotel has been escalated, with four unsuccessful applicants for the gTLD whacking ICANN with a second Independent Review Process appeal.
The complaint resurrects old claims that a former lead on the successful application, now belonging to Afilias, stole trade secrets from competing applicants via a glitched ICANN web site.
It also revives allegations that ICANN improperly colluded with the consultant hired to carry out reviews of “community” applications and then whitewashed an “independent” investigation into the same.
The four companies filing the complaint are new gTLD portfolio applicants MMX (Minds + Machines), Radix, Fegistry, and Domain Venture Partners (what we used to call Famous Four).
The IRP was filed November 18 and published by ICANN December 16, but I did not spot it until more recently. Sorry.
There’s a lot of back-story to the complaint, and it’s been a few years since I got into any depth on this topic, so I’m going to get into a loooong, repetitive, soporific, borderline unreadable recap here.
This post could quite easily be subtitled “How ICANN takes a decade to decide a gTLD’s fate”.
There were seven applicants for .hotel back in 2012, but only one of them purported to represent the “hotel community”. That applicant, HOTEL Top Level Domain, was mostly owned by Afilias.
HTLD had managed to get letters of support from a large number of hotel chains and trade groups, to create a semblance of a community that could help it win a Community Priority Evaluation, enabling it to skip to the finish line and avoid a potentially costly auction against its rival applicants.
CPEs were carried out by the Economist Intelligence Unit, an independent ICANN contractor.
Surprisingly to some (including yours truly), back in 2014 it actually managed to win its CPE, scoring 15 out of the 16 available points, surpassing the 14-point winning threshold and consigning its competing bidders’ applications to the scrap heap.
There would be no auction, and no redistribution of wealth between applicants that customarily follows a new gTLD auction.
Naturally, the remaining applicants were not happy about this, and started to fight back.
The first port of call was a Request for Reconsideration, which all six losers filed jointly in June 2014. It accused the EIU of failing to follow proper procedure when it evaluated the HTLD community application.
That RfR was rejected by ICANN, so a request for information under ICANN’s Documentary Information Disclosure Policy followed. The losing applicants reckoned the EIU evaluator had screwed up, perhaps due to poor training, and they wanted to see all the communications between ICANN and the EIU panel.
The DIDP was also rejected by ICANN on commercial confidentiality grounds, so the group of six filed another RfR, asking for the DIDP to be reconsidered.
Guess what? That got rejected too.
So the applicants then filed an IRP case, known as Despegar v ICANN, in March 2015. Despegar is one of the .hotel applicants, and the only one that directly plays in the hotel reservation space already.
The IRP claimed that ICANN shirked its duties by failing to properly oversee and verify the work of the EIU, failing to ensure the CPE criteria were being consistently applied between contention sets, and failing in its transparency obligations by failing to hand over information related to the CPE process.
While this IRP was in its very early stages, it emerged that one of HTLD’s principals and owners, Dirk Krischenowski, had accessed confidential information about the other applicants via an ICANN web site.
ICANN had misconfigured its applicant portal in such a way that any user could very access any attachment on any application belonging to any applicant. This meant sensitive corporate information, such as worst-case-scenario financial planning, was easily viewable via a simple search for over a year.
Krischenowski appears to have been the only person to have noticed this glitch and used it in earnest. ICANN told applicants in May 2015 that he had carried out 60 searches and accessed 200 records using the glitch.
Krischenowski has always denied any wrongdoing and told DI in 2016 that he had always “relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.”
The applicants filed another DIDP, but no additional information about the data glitch was forthcoming.
When the first IRP concluded, in February 2016, ICANN prevailed, but the three-person IRP panel expressed concern that neither the EIU nor ICANN had any process in place to ensure that community evaluations carried out by different evaluators were consistently applying the CPE rules.
The IRP panel also expressed concern about the “very serious issues” raised by the ICANN portal glitch and Krischenowski’s data access.
But the loss of the IRP did not stop the six losing applicants from ploughing on. Their lawyer wrote to ICANN in March 2016 to denounce Krischenowski’s actions as “criminal acts” amounting to “HTLD stealing trade secrets of competing applicants”, and as such HTLD’s application for .hotel should be thrown out.
Again, to the best of my knowledge, Krischenowski has never been charged with, let alone convicted of, any criminal act.
Afilias wrote to ICANN not many weeks later, April 2016, to say that it had bought out Krischenowski’s 48.8% stake in HTLD and that he was no longer involved in the company or its .hotel application.
And ICANN’s board of directors decided in August 2016 that Krischenowski may well have accessed documents he was not supposed to, but that it would have happened after the .hotel CPE had been concluded, so there was no real advantage to HTLD.
A second, parallel battle against ICANN by an unrelated new gTLD applicant had been unfolding over the same period.
A company called Dot Registry had failed in its CPE efforts for the strings .llc, .llp and .inc, and in 2014 had filed its own IRP against ICANN, claiming that the EIU had “bungled” the community evaluations, applying “inconsistent” scoring criteria and “harassing” its supporters.
In July 2016, almost two years later, the IRP panel in that case ruled that Dot Registry had prevailed, and launched a withering attack on the transparency and fairness of the ICANN process.
The panel found that, far from being independent, the EIU had actually incorporated notes from ICANN staff into its CPE evaluations during drafting.
It was as a result of this IRP decision, and the ICANN board’s decision that Krischenowski’s actions could not have benefited HTLD, that the losing .hotel applicants filed yet another RfR.
This one lasted two and a half years before being resolved, because in the meantime ICANN launched a review of the CPE process.
It hired a company called FTI Consulting to dig through EIU and ICANN documentation, including thousands of emails that passed between the two, to see if there was any evidence of impropriety. It covered .hotel, .music, .gay and other gTLD contention sets, all of which were put on hold while FTI did its work.
FTI eventually concluded, at the end of 2017, that there was “no evidence that ICANN organization had any undue influence on the CPE reports or engaged in any impropriety in the CPE process”, which affected applicants promptly dismissed as a “whitewash”.
They began lobbying for more information, unsuccessfully, and hit ICANN with yet another RfR in April 2018. Guess what? That one was rejected too.
The .hotel applicants then entered into a Cooperative Engagement Process — basically pre-IRP talks — from October 2018 to November 2019, before this latest IRP was filed.
It’s tempting to characterize it as a bit of a fishing expedition, albeit not a baseless one — any allegations of ICANN’s wrongdoing pertaining the .hotel CPE are dwarfed by the applicants’ outraged claims that ICANN appears to be covering up both its interactions with the EIU and its probe of the Krischenowski incident, partly out of embarrassment.
The claimants want ICANN to be forced to hand over documentation refused them on previous occasions, relating to: “ICANN subversion of the .HOTEL CPE and first IRP (Despegar), ICANN subversion of FTI’s CPE Process Review, ICANN subversion of investigation into HTLD theft of trade secrets, and ICANN allowing a domain registry conglomerate to takeover the ‘community-based’ applicant HTLD.”
“The falsely ‘independent’ CPE processes were in fact subverted by ICANN in violation of Bylaws, HTLD stole trade secrets from at least one competing applicant, and Afilias is not a representative of the purported community,” the IRP states.
“HTLD’s application should be denied, or at least its purported Community Priority relinquished, as a consequence not only for HTLD’s spying on its competitors’ secret information, but also because HTLD is no longer the same company that applied for the .HOTEL TLD. It is now just a registry conglomerate with no ties to the purported, contrived ‘Community’ that it claims entitled to serve,” it goes on.
ICANN is yet to file its response to the complaint.
Whether the IRP will be successful is anyone’s guess, but what’s beyond doubt is that if it runs its course it’s going to add at least a year, probably closer to two, to the delay that .hotel has been languishing under since the applications were filed in 2012.
Potentially lengthening the duration of the case is the claimants’ demand that ICANN “appoint and train” a “Standing Panel” of at least seven IRP panelists from which each three-person IRP panel would be selected.
The standing panel is something that’s been talked about in ICANN’s bylaws for at least six or seven years, but ICANN has never quite got around to creating it.
ICANN pinged the community for comments on how it should go about creating this panel last year, but doesn’t seemed to have provided a progress report for the last nine months.
The .hotel applicants do not appear to be in any hurry to get this issue resolved. The goal is clearly to force the contention set to auction, which presumably could happen at Afilias’ unilateral whim. Time-to-market is only a relevant consideration for the winner.
With .hotel, and Afilias’ lawsuit attempting to block the .web sale to Verisign, the last round of new gTLD program, it seems, is going to take at least a decade from beginning to end.

Possibly the strangest new gTLD acquisition yet

The company running .icu has taken over a similar-sounding but ugly dot-brand from a Chinese games company.
ShortDot took over the ICANN registry agreement for .cyou from a Chinese games company in November, recently updated ICANN records show.
The seller is Beijing Gamease Age Digital Technology Co, which makes massively multiplayer online games targeted at the Chinese market.
The company is branded as Changyou.com and CYOU is its Nasdaq ticker symbol. The .cyou gTLD was not technically a dot-brand under ICANN rules.
Changyou signed its registry agreement with ICANN five years ago, but never registered any .cyou domains.
The decision to dump .cyou is no doubt related to the fact that Changyou is currently in the process of being reacquired and delisted by Sohu, its majority owner and former parent. The domain presumably soon will have no meaning for the company, even defensively.
It’s such a clumsy, otherwise meaningless string, that surely there was one one potential home for it: the .icu registry. Just as .icu can be read as “I see you”, .cyou can be read as “see you”.
ShortDot has had an inexplicable success with .icu in the last 12 months, during which it has become the industry volume leader in new gTLD sales. Today’s zone files show over SIX MILLION domains have been registered. That’s up from about 400,000 a year ago.
Most of its sales are coming via Chinese registrars, which are selling .icu names for under a dollar for the first year. It has yet to see its first junk drop.
If SpamHaus statistics are any guide, the buyers are largely domainers, rather than spammers. SpamHaus says .icu has under a 2% “badness” rating.
So, while .cyou would look like utter rubbish to any other registry, if ShortDot can bundle it with .icu, perhaps persuading a portion of its registrants to double-up, it may be worth a bit of money.
The registry expects to launch its new acquisition in June.
It’s the second branded gTLD ShortDot has acquired and repurposed after .bond, which used to belong to a university of the same name.