Verisign v XYZ judge confirms both companies suck

Verisign and XYZ.com have both come out of a US lawsuit looking like scumbags.
Explaining his dismissal of Verisign’s false advertising lawsuit against .xyz registry XYZ.com, Virginia judge Claude Hilton today said that XYZ.com’s statements about its registration numbers were “verifiably true”.
At the same time, he confirmed that they came about as a result of a bullshit deal with Network Solutions to bolster .xyz’s launch numbers.
The judge’s ruling confirms for the first time the financial details of the deal between XYZ and Web.com (Network Solutions) that saw .xyz’s registration volume rocket in its first few weeks of general availability. He wrote:

Web.com purchased 375,000 domain names for a price of $8 each totaling $3 million dollars. In exchange, XYZ purchased advertising from Web.com in the form of 1,000 impressions for $10 each, at a total cost of $3 million dollars. Instead of cash exchanging hands, advertising credit was given to XYZ and the .xyz domain names were given to Web.com, who subsequently gave them away as free trials to their subscribers.

In other words, XYZ bought $10,000 of advertising for $3 million and paid for it with $3 million of free .xyz domains — 375,000 of them.
That bogus deal enabled XYZ to report big reg volume numbers without actually, legally, lying,
“The statements regarding Defendants’ revenue and number of registrations are statements of fact that are verifiably true,” the judge wrote.

When the Defendants [XYZ.com] stated they were a market leader in new TLD’s and that they had the most new registrations than any other TLD, they were basing that information off of an accurate zone file. Further, the zone file confirms that there are over 120 million .com registrations and one {1) million .xyz registrations. These statements are also true.

The judge said he was dismissing the suit not just because XYZ wasn’t lying, but also because Verisign couldn’t show that it had been harmed.
The number of .com registrations has actually been going up, he noted.
Much of Verisign’s complaint centered on this ad:

Verisign said the ad lied about the availability of .com domains, which XYZ denied.
The judge said:

The video posted to YouTube is puffery and opinion. It displays no actual domain names, and communicates a subjective measure of value and superiority, not capable of being proven false.

“Puffery” is a term with legal weight in false advertising cases under US law. It basically means that advertisers are allowed to exaggerate. XYZ had in fact used the “puffery” defense.
The judge seems to have relied heavily on zone file analysis to reach his conclusions. He wrote.

according to Plaintiff’s [Verisign’s] own data, .com names are largely unavailable. In a given month, Plaintiff reports that it receives about two (2) billion requests to register <.com> domain names, yet fewer than three (3) million are actually registered.

I believe that “two billion” number refers to how many “attempted adds” Verisign gets every month for .com domains, as reported in its monthly reports with ICANN.
That number would include every automated attempt to register a dropping domain by every registrar.
It’s not a reflection of how many actual human beings attempt and fail to register .com domains and, in my view, it’s worrying that the judge took it to mean that.
In summary, the lawsuit managed to unearth the dirty reality behind XYZ’s launch “success”, whilst also making Verisign look like a petty, petulant, child.
Everybody loses.
Except the lawyers, obviously, who have been paid millions.

ICANN reveals 12 more data breaches

Twelve more new gTLD applicants have been found to have exploited a glitch in ICANN’s new gTLD portal to view fellow applicants’ data.
ICANN said last night that it has determined that all 12 access incidents were “inadvertent” and did not disclose personally identifiable information.
The revelation follows an investigation that started in April this year.
ICANN said in a statement:

in addition to the previous disclosures, 12 user credentials were used to access contact information from eight registry operators. Based on the information collected during the investigation it appears that contact information for registry operators was accessed inadvertently. ICANN also concluded that the exposed registry contact information does not appear to contain sensitive personally identifiable information. Each of the affected parties has been notified of the data exposure.

The glitch in question was a misconfiguration of a portal used by gTLD applicants to file and view their documents.
It was possible to use the portal’s search function to view attachments belonging to other applicants, including competing applicants for the same string.
Donuts said in June that the prices it was willing to pay at auction for gTLD string could have been inferred from the compromised data.
ICANN told compromised users in May that the only incidents of non-accidental data access could be traced to the account of Dirk Krischenowski, CEO of dotBerlin.
Krischenowski has denied any wrongdoing.
ICANN said last night that its investigation is now over.

English beats Portuguese in $2.2m .hotels auction

Booking.com has won the right to operate .hotels after an auction concluded a protracted fight over the gTLD.
In an ICANN-run auction yesterday, Booking.com prevailed with a winning bid of $2.2 million.
Its sole competitors was Travel Reservations (formerly Despegar Online), which had applied for the Portuguese word .hoteis.
In 2012, a String Similarity Review panel concluded that .hotels and .hoteis look too similar to coexist, due to the likelihood of confusion between I and l in sans-serif fonts.
Neither applicant agreed with that decision, knowing that it would result in a expensive auction, and Booking.com filed a Request for Reconsideration and then, in March 2013, an Independent Review Process complaint.
After two years, it lost the IRP. But the panel said it had “legitimate concerns” about the fairness of the SSR process and ordered ICANN to pay half of its costs.
Now, Booking.com has had to fork out another $2.2 million for the string.
That’s not particularly expensive as ICANN-auctioned gTLDs go. Eight of the 13 other strings ICANN has auctioned have sold for more.
ICANN’s auction proceeds to date now stands at $63,489,127, which is being held in a separate bank account for purposes yet to be determined.

.feedback regs Fox trademark to itself during sunrise

Top Level Spectrum, the new .feedback registry, has painted a second gigantic target on itself by registering to itself a .feedback domain matching one of the world’s largest media brands.
The company has registered fox.feedback and put up a web site soliciting comment on Fox Broadcasting Company.
This has happened whilst .feedback is still in its sunrise period.
The intellectual property community is, I gather, not particularly happy about the move.
The domain fox.feedback points to a web site that uses TLS’ standard feedback platform, enabling visitors to rate and comment on Fox.
The site has a footnote: “Disclaimer: This site is provided to facilitate free speech regarding fox. No direct endorsement or association should be conferred.”
Fox had no involvement with the registration, which Whois records show is registered to Top Level Spectrum itself.
Registry CEO Jay Westerdal said that the domain is one of the 100 “promotional” domains that new gTLD registries are allowed to set aside for their own use under the terms of their ICANN contracts.
Registries usually register names like “buy.example” or “go.example”, along with the names of early adopter anchor tenant registrants, using this mechanism.
I’m not aware of any case where a registry has consciously registered a famous brand, without permission, as part of its promotional allotment.
“The website is hosted automatically by the Feedback platform,” Westerdal said. “Fox Television Network has raised no concerns and has not applied for the domain during sunrise. We are testing out promotion of the TLD with the domain as per our ICANN contract.”
Fox may still be able to buy the domain during sunrise, he said.
“This is a Registry Operation name. During sunrise, If we receive an application from a sunrise-eligible rights holders during sunrise for a Registry Operations name we may release the name for registration,” he said.
Fox’s usual registrar is MarkMonitor. Matt Serlin, VP there, said in an email that the TLS move could be raised with ICANN Compliance:

I find it curious that this branded domain name would have been registered to the registry prior to the sunrise period which is restricted to the 100 registry promotional names. The fact that the domain is actually resolving to a live site soliciting feedback for The Fox Broadcasting Company is even more troubling. MarkMonitor may look to raise this to ICANN Compliance once the registry is able to confirm how this domain was registered seemingly outside of the required process.

The IP community originally fought the introduction of the 100-domain pre-sunrise exception, saying unscrupulous registries would use it to stop trademark owners registering their brands.
While there have been some grumblings about registries reserving dictionary terms that match trademarks, this may be the first case of a registry unambiguously targeting a brand.
Top Level Spectrum courted controversy with the trademark community last week when it told DI that it plans to sell 5,000-brand match domains to a third party company after .feedback goes into general availability in January.
Westerdal told us this is not “cybersquatting”, as the sites contain disclaimers and are there to facilitate free speech.
What do you think about this use of brands as “promotional” domains?
It’s indisputably pushing the envelope of what is acceptable, but is it fair? Should registries be allowed to do this?

Web.com just gave itself another reason to bid high for .web gTLD

Registrar group Web.com is changing its stock market ticker symbol to WEB tomorrow, in another sign that it really, really wants to be identified with the string.
The switch from WWWW may indicate that the NASDAQ-listed company’s six rivals for the new gTLD .web have a fight — and a possible big payday — on their hands when .web finally goes to auction.
Web.com is competing with Nu Dot Co, Radix, Google, Donuts, Afilias and Schlund for the gTLD.
The company has already fiercely defended its “right” to .web, filing successful String Confusion Objections against .webs applicant Vistaprint.
Vistaprint subsequently filed an ICANN Independent Review Process complaint to appeal its SCO loss.
Last month, the IRP was won by ICANN, but the panel left the door open for ICANN to reconsider its decision.
The .web auction is not likely to go ahead until the Vistaprint issue is resolved.
If ICANN decides the two strings can be delegated separately, what I think is the last barrier to the .web auction going ahead disappears.
If not, then Vistaprint finds itself as the seventh contender in the auction, which may give it the impetus to carry on challenging the ruling.
ICANN’s board plans to discuss the issue at its next meeting, December 10.
Which way it leans will give an indication of how long it will be before .web goes to auction.

XYZ says it won’t block censored Chinese domains

New gTLD registry XYZ.com has said it will not preemptively censor domain names based on the wishes of the Chinese government.
Over the last couple of days, CEO Daniel Negari has sought to “clarify” its plans to block and suspend domain names based on Chinese government requests.
It follows XYZ’s Registry Services Evaluation Request for a gateway service in the country, first reported by DI and subsequently picked up by the Electronic Frontier Foundation, a Wall Street Journal columnist, Fortune magazine and others.
The clarifications offered up by XYZ probably did more to confuse matters.
A blog post on Wednesday said that XYZ will not reserve any .xyz domain names from being registered, except those ICANN makes all new gTLD registries reserve.
Subsequent comments from Negari stated that XYZ will, as the RSEP stated, prevent names that have been banned in China from being registered.
However, there’s one significant difference.
Now, the registry is saying that it will only put those bans in place for domain names that have been specifically banned by the Chinese government when the name had already been registered by a Chinese registrant.
So, if I understand correctly, it would not preemptively ban anyone anywhere from registering [banned term].xyz.
However, if [banned term].xyz was registered to a Chinese resident and the Chinese government told the registry to suspend it, it would be suspended and nobody would be able to re-register it anywhere in the world.
Negari said in a blog comment yesterday:

if we receive a Chinese legal order tomorrow (before the gateway has launched) which requires disabling a domain name registered in China and properly under Chinese jurisdiction, then it will be disabled at the registry level, and not by the gateway. When the gateway launches the name will continue to be unavailable, and the gateway will not implement the action on a localized basis only in China. The normal registry system would continue to be the only system used to resolve the name globally. Again — the specific stability concern ICANN had was that we would use the Chinese gateway to make .xyz names resolve differently, depending on what country you are in. I completely agree that our [RSEP] re-draft to address that concern came out in a way that can be read in a way that we sincerely did not intend.

So there is a list of preemptively banned .xyz, .college, .rent, .security and .protection domains, compiled by XYZ from individual Chinese government requests targeting names registered to Chinese registrants.
Negari said in an email to DI yesterday:

To clarify the statement “XYZ will reserve domains,” we meant that XYZ will takedown domains in order to comply with “applicable law.” Unfortunately, the inaccuracies in your post caused people to believe that we were allowing the Chinese government to control what names could be registered or how they could be used by people outside of China. The idea that XYZ is going to impose Chinese law and prevent people outside of China from registering certain domain names is simply incorrect and not true. To be 100% clear, there is no “banned list.”

That was the first time anyone connected with XYZ had complained about the October 12 post, other than since-deleted tweets that corrected the size of the list from 40,000 domains to 12,000.
The RSEP (pdf) that causes all this kerfuffle has not been amended. It still says:

XYZ will reserve names prohibited for registration by the Chinese government at the registry level internationally, so the Gateway itself will not need to be used to block the registration of of any names. Therefore, a registrant in China will be able to register the same domain names as anyone else in the world.

This fairly unambiguous statement is what XYZ says was “misinterpreted” by DI (and everyone else who read it).
However, it’s not just a couple of sentences taken out of context. The context also suggests preemptive banning of domains.
The very next sentence states:

When the Gateway is initially implemented we will not run into a problem whereby a Chinese registrant has already registered a name prohibited for registration by the Chinese government because Chinese registrars are already enforcing a prohibition on the registration of names that are in violation of Chinese law.

This states that Chinese residents are already being preemptively banned, by Chinese registrars, from registering domains deemed illegal in China.
The next few paragraphs of the RSEP deal with post-registration scenarios of domains being banned, clearly delineated from the paragraph dealing with pre-registration scenarios.
In his blog post, Negari said the RSEP “addressed the proactive abuse mitigation we will take to shut down phishing, pharming, malware, and other abuse in China”.
I can’t believe this is true. The consequence would be that if China sent XYZ a take-down notice about a malware or phishing site registered to a non-Chinese registrant, XYZ would simply ignore it.
Regardless, the takeaway today is that XYZ is now saying that it will not ban a domain before it has been registered, unless that domain has previously been registered by a Chinese resident and subsequently specifically banned by the Chinese government.
The registry says this is no different to how it would treat take-down notices issued by, for example, a US court. It’s part of its contractual obligation to abide by “applicable law”, it says.
Whether this is a policy U-turn or a case of an erroneous RSEP being submitted… frankly I don’t want to get into that debate.
Disclosure: during the course of researching this story, I registered .xyz domains matching (as far as this monoglot can tell) the Chinese words for “democracy”, “human rights”, “porn” and possibly “Tiananmen Square”. I have no idea if they have value and have no plans to develop them into web sites.

Forget .sucks, .feedback will drive trademark owners nuts all over again

Top Level Spectrum, the new gTLD registry behind .feedback, plans to give sell domains matching 5,000 of the world’s top brands to a third party that does not own the trademarks.
That’s one novel element of a .feedback business model that is guaranteed to drive the intellectual property community crazy in much the same way as .sucks did earlier this year.
The other piece of ‘innovation’ will see all .feedback domains — including the 5,000 brands — point by default to a hosted service that facilitates comment and criticism.
An example of such a site can be seen at www.eggsample.feedback. The registry’s CEO, Jay Westerdal, has a .feedback site at www.jay.feedback
If you agree to use the hosted service with your domain, the domain and service combined will cost a minimum of just $20 per year.
However, if you want to turn off the hosted service and use your .feedback like a regular domain, pointing to the web site of your choice, the price will ratchet up to $50 a month, or $620 a year.
Those are the wholesale prices. Both services will be offered through registrars, where some markup is to be expected.
The hosted service is being offered by Feedback SAAS LLC, a company that, judging by its web site, appears to share ownership with Top Level Spectrum, though Westerdal says the two firms have different employees.
It’s not dissimilar to the model employed by .tel, where name servers by default point to a registry-hosted service.
Unlike .tel, .feedback registrants will be able to opt out of using the SAAS service and point their domains to whatever name servers they want.
Westerdal told DI that .feedback is in the process of making a deal with a “third party” he could not yet name to have 5,000 branded .feedback domains deployed during the Early Access Period of the .feedback launch. That’s scheduled to start January 6.
“We are striking a deal to get feedback sites out there. We want everything to have feedback,” he said. “We are signing an agreement to get the ball rolling by doing a founders program to get names out there. Your favorite shoe, your pizza place, your everything.”
“The sites are all geared towards free speech and giving reviews,” he said. He said:

No trademark infringement will occur though, the sites are all geared towards free speech and giving reviews. Confusing the public that the brand is running the site will not happen, each site has a disclaimer and makes it clear the brand is not running the site.

Asked whether we were talking about a genuine third party or a shell set up by the registry, he said: “A real third party. I am not playing games.”
He said the higher pricing for the naked domain registration is intended to discourage companies from turning off the domains matching their brands.
The whole point of .feedback is to solicit feedback.
The as-yet unspecified third-party taking possession of the 5,000 brand names would not be prevented from selling the domains to the matching brand owner, or to any third parties, he said, though he would not be in favor of such a move.
He said that $20 a year to run a configurable .feedback site, with moderator privileges, is a “great deal” compared to the $300-a-month service he said consumer review site Yelp offers.
The SAAS service will make additional revenue by selling added features, suitable for enterprises, he said.
.feedback went into its sunrise period last week with a $2,000 wholesale fee — the same high price that attracted criticism for .sucks.
The original Registry Service Evaluation Process for the .feedback service hit ICANN over a year ago (pdf).
I missed it then. Sorry.
I noticed it today after corporate registrar MarkMonitor blogged about it.
Matt Serlin, VP of MarkMonitor, who blogged his opinion on .feedback’s strategy earlier today, said in an email that the .feedback strategy was “more objectionable” than he had thought, and that “[W]e would most likely look to raise to ICANN if that is his stated intent.”

Pro-.com analyst “sponsored” by Verisign. Is this a big deal?

Verisign has admitted it “sponsors” an analyst who has written more than a dozen articles singing the praises of .com and questioning the value of new gTLDs over the last few years.
Zeus Kerravala is the founder and principal analyst at ZK Research. He writes a regular column for Network World called Network Intelligence.
Last week, domain industry eyebrows were raised by the latest in a series of pro-.com articles — all of which seem to have been removed by Network World in the last 24 hours — to appear in the column.
The latest article was entitled “Why more companies are ditching new domain names and reverting to .com“.
Kerravala basically mined domain industry blogs, including this one, for examples of companies preferring .com over ccTLDs and new gTLDS, to support a view that .com is awesome and other TLDs are not.
He could have quite easily have used the same method to reach the opposite conclusion, in my view.
The Halloween-themed article concluded:

The good news is that .com will be here now and into the future, just like it has been for the past 30 years to provide treats to businesses after they have been “tricked” by other TLDs.

The article, and 12 more before it dating back to August 2012, looked to some like Verisign spin.
Other headlines include “Why .com is still the domain of choice for businesses” and “New generic top-level domain names do more harm than good” and “Companies are movin’ on up to .com domain names”.
They’re all basically opinion pieces with a strongly pro-.com slant.
The opinion that .com is better than the alternatives is not uncommon, especially among domainers who have lots of money tied up in .com investments.
The fact that Kerravala, who doesn’t usually touch the domain industry in his column, has written a dozen stories saying essentially the same thing about .com over the last couple of years looked a bit odd to some in the domain industry.
And it turns out that he is actually on the Verisign payroll.
A Verisign spokesperson told DI: “ZK Research is a sponsored industry analyst and blogger.”
The company declined to answer a follow-up question asking whether this meant he was paid to blog.
Kerravala told DI that Verisign is one of his clients, but denied blogging on its behalf. He said in an email:

they are a client like many of the other large technology firms. Although I blog, like many analysts, I am first an foremost an analyst. I have paid relationships with tech vendors, service providers, end user firms, resellers and the financial community.
Verisign pays me for inquiry time and to have access to my research. Verisign has many relationships like this with many analyst firms and I have this type of relationship with many other technology firms.
In no way do vendors pay me to write blogs nor do they influence my research or my opinions. Sometimes, I may choose to interview a vendor on a certain topic and include them in the article.

Kerravala had not disclosed in his Network World articles or boilerplate biography that Verisign is one of his clients.
In a January 2014 article published on SeekingAlpha, “New Generic Top Level Domain Names Pose No Threat To VeriSign“, contains a disclosure that reads in part “I have no business relationship with any company whose stock is mentioned in this article.”
Kerravala said in an email that although his relationship with Verisign started in 2013, the company was not a client at the time the SeekingAlpha article appeared.
The relationship came to light after new gTLD registry Donuts emailed Kerravala via a third party — and Kerravala says under false pretenses — claiming to have liked his most recent article and asking for a contact name at Verisign.
He would have responded honestly to just being asked directly by Donuts, he said.
In a telephone conversation yesterday, he said that his articles about .com represent his genuinely held beliefs which, as we agree, are not particularly unusual.
He observed that DI has a generally pro-TLD-competition point of view, and that many of my advertisers are drawn from the new gTLD industry, and said that his relationship with Verisign is not dissimilar to DI’s relationship to its advertisers.

.apple goes live

Apple’s .apple new gTLD was delegated today.
It’s going to be a strict dot-brand gTLD, in which only Apple can register domain names, but could wind up being highly influential.
While .apple now appears in the DNS root zone, no second-level names (not even nic.apple) are yet resolving.
Should Apple actually use its new TLD in a prominent way, it would be good news for the visibility of new gTLDs internationally.
The company has sold hundreds of millions of devices over the last decade or so.
But the company has a spotty history of paying attention to domain names, regularly launching products without first securing matching domain names.
It did recently adopt a .news domain name for one of its apps, however.
.apple could wind up being purely defensive, at least in the near term.
Apple’s 2012 application to ICANN describes its plans in literally one sentence, repeated five times:

Apple seeks to obtain the new .apple gTLD in order to provide consumers with another opportunity to learn about Apple, and its products and services.

Apple division Beats Electronics, which makes headphones, also had its dot-brand, .beats, delegated today.

Correction: .shop auction weirder than I thought

The upcoming auction for .shop and .shopping new gTLDs is weird, but in a different way to which I reported on Friday.
The actual rules, which are pretty complicated, mean that one applicant could win a gTLD auction without spending a single penny.
The nine applicants for .shop and the two applicants for .shopping are not necessarily all fighting it out to be a single victor, which is what I originally reported.
Rather, it seems to be certain that both .shop and .shopping will wind up being delegated.
The ICANN rules about indirect contention are not well-documented, as far as I can tell.
When I originally reported on the rules exactly two years ago today, I thought an animated GIF of a man’s head exploding was an appropriate way to end the story.
In the .shop/.shopping case, it seems that all 11 applications — nine for .shop and two for .shopping — will be lumped into the same auction.
Which applicant drops out first will determine whether both strings get delegated or only one.
Uniregistry and Donuts have applied for .shopping, but only Donuts’ application is in contention with Commercial Connect’s .shop application (due to a String Confusion Objection).
As Donuts has applied for both .shop and .shopping, it will be submitting separate bids for each application during the auction.
The auction could play out in one of three general ways.
Commercial Connect drops out. If Commercial Connect finds the .shop auction getting too rich for it and drops out, the .shopping contention set will immediately become an entirely separate auction between Uniregistry and Donuts. In this scenario, both .shop and .shopping get to become real gTLDs.
Donuts drops its .shopping bid. If Donuts drops its bid for .shopping, Uniregistry is no longer in indirect contention with Commercial Connect’s .shop application, so it gets .shopping for free.
Commercial Connect wins .shop. If Commercial Connect prevails in .shop, that means Donuts has withdrawn from the .shopping auction and Uniregistry wins.
It’s complicated, and doesn’t make a lot of logical sense, but it seems them’s the rules.
It could have been even more complex. Until recently, Amazon’s application for .通販 was also in indirect contention with .shop.
Thanks to Rubens Kuhl of Nic.br for pointing out the error.