Latest news of the domain name industry

Recent Posts

Verisign demands 24/7 domain hijacking support

Kevin Murphy, August 6, 2012, Domain Registrars

Verisign is causing a bit of a commotion among its registrar channel by demanding 24/7 support for customers whose .com domains have been hijacked.
The changes, we understand, are among a few being introduced into Verisign’s new registry-registrar agreement for .com, which coincides with the renewal of its registry agreement with ICANN.
New text in the RRA states that: “Registrar shall, consistent with ICANN policy, provide to Registered Name Holders emergency contact or 24/7 support information for critical situations such as domain name hijacking.”
From the perspective of registrants, this sounds like a pretty welcome move: who wouldn’t want 24/7 support?
While providing around the clock support might not be a problem for the Go Daddies of the world, some smaller registrars are annoyed.
For a registrar with a small headcount, perhaps servicing a single time zone, 24/7 support would probably mean needing to hire more staff.
Their annoyance has been magnified by the fact that Verisign seems to be asking for these new support commitments without a firm basis in ICANN policy, we hear.
The recently updated transfers policy calls for a 24/7 Transfer Emergency Action Contact — in many cases just a staff member who doesn’t mind being hassled about work at 2am — but that’s meant to be reserved for use by registrars, registries and ICANN.

Domain hijack leads to registrar shutdown threat

Kevin Murphy, April 12, 2012, Domain Registrars

ICANN has threatened to terminate Chinese domain name registrar eName Technology after the domain 1111.com was allegedly hijacked.
According to ICANN’s notice of breach (pdf), eName has refused to hand over data documenting the transfer of 1111.com as required by the Registrar Accreditation Agreement.
ICANN claims that when it tried to get eName’s help investigating a hijacking complaint, the company did not return its calls or emails.
The registrar now has 15 days to provide the transfer records as called for by the Inter-Registrar Transfer Policy.
According to historical Whois records, 1111.com was transferred to eName between February 12 and 16 this year. After a complaint, ICANN started chasing eName for the data on February 28.
The domain appears to have been owned by at least four different parties and three different registrars – Network Solutions, then Joker, then eName – since the start of 2012.
It’s the second time that ICANN has sent a breach notice to a registrar over an alleged mishandling of a domain name hijacking, and the first time it’s actually named the domain in question.
In February, the organization threatened Turkish registrar Alantron with the suspension of its contract over the botched handling of pricewire.com.

Rogue registrar suspended over “stolen” domain

Kevin Murphy, February 20, 2012, Domain Registrars

ICANN has told Turkish domain name registrar Alantron that its accreditation will be suspended for a month due to its shoddy record-keeping.
The suspension, which will become effective March 8, follows an investigation into allegations of double-selling.
ICANN issued the suspension last Thursday after trying unsuccessfully for almost three months to get its hands on Alantron’s registration records.
The company now has until March 28 to sort out its compliance problems or face losing its accreditation entirely.
I understand the investigation was prompted by complaints filed by an American named Roger Rainwater over the potentially valuable domain name pricewire.com.
Pricewire.com spent a couple of years under Whois privacy but was grabbed last August by Turkish registrant Altan Tanriverdi, according to historical Whois records.
Rainwater, who says he had been monitoring it for three or four years, subsequently paid Tanriverdi an undisclosed sum for the domain, signing up for an Alantron account so it could be pushed.
Rainwater showed up in the Whois for pricewire.com on September 7 last year. But he says he was unable to change his name servers and 48 hours later the name disappeared from his account.
He says he was told by Alantron that it had put the domain in Tanriverdi’s account “by mistake” and that it was sold to SnapNames as part of a batch of dropping domains.
According to emails sent to Rainwater, seen by DI, Alantron said that pricewire.com was “registered via a partner company called Directi for a company called Snapnames”.
SnapNames had already auctioned the name – apparently there were more than 40 bidders – and the name has since been transferred to one Sammy Katz of Philadelphia.
However, given that Whois reliability is at question here, it’s not entirely clear who owns it. It’s currently parked at InternetTraffic.com.
Tanriverdi, who appears to be equally aggrieved, has published an extensive history of the dispute, along with screenshots, here (in Turkish).
In short: Alantron stands accused of double-selling pricewire.com.
ICANN’s compliance team has been unable to get its hands on the underlying transaction data despite repeated attempts because Alantron apparently doesn’t have it.
Its suspension notice alleges that Alantron was running two registration systems in parallel and that they weren’t talking to each other, resulting in the same name being sold to two parties.
Read ICANN’s suspension notice in PDF format here.

ICANN tells Congressmen to chillax

Kevin Murphy, January 25, 2012, Domain Policy

ICANN senior vice president Kurt Pritz has replied in writing to great big list of questions posed by US Congressmen following the two hearings into new gTLDs last month.
The answers do what the format of the Congressional hearings made impossible – provide a detailed explanation, with links, of why ICANN is doing what it’s doing.
The 27-page letter (pdf), which addresses questions posed by Reps. Waxman, Eshoo and Dingell, goes over some ground you may find very familiar, if you’ve been paying attention.
These are some of the questions and answers I found particularly interesting.
Why are you doing this?
Pritz gives an overview of the convoluted ICANN process responsible for conceiving, creating and honing the new gTLD program over the last few years.
It explains, for example, that the original GNSO Council vote, which set the wheels in motion back in late 2007, was 19-1 in favor of introducing new gTLDs.
The “lone dissenting vote”, Pritz notes, was cast by a Non-Commercial Users Constituency member – it was Robin Gross of IP Justice – who felt the program had too many restrictions.
The letter does not mention that three Council members – one from the Intellectual Property Constituency and two more from the NCUC – abstained from the vote.
Why aren’t the trademark protection mechanisms finished yet?
The main concern here is the Trademark Clearinghouse.
New gTLD applicants will not find out how the Clearinghouse will operate until March at the earliest, which is cutting it fine considering the deadline for registering as an applicant is March 29.
Pritz, however, tells the Congressmen that applicants have known all they need to know about the Clearinghouse since ICANN approved the program’s launch last June.
The Clearinghouse is a detail that ideally should have been sorted out before the program launched, but I don’t believe it’s the foremost concern for most applicants or trademark owners.
The unresolved detail nobody seems to be asking about is the cost of a Uniform Rapid Suspension complaint, the mechanism to quickly take down infringing second-level domain names.
ICANN has said that it expects the price of URS – which involves paying an intellectual property lawyer to preside over the case – to be $300 to $500, but I don’t know anyone who believes that this will be possible.
Indeed, one of the questions asked by Rep. Waxman starts with the premise “Leading providers under Uniform Dispute Resolution Policy (UDRP) have complained that current fees collected are inadequate to cover the costs of retaining qualified trademark attorneys.”
UDRP fees usually start at around $1,000, double what ICANN expects the URS – which I don’t think is going to be a heck of a lot simpler for arbitration panels to process – to cost trademark owners.
Why isn’t the Trademark Claims service permanent?
The Trademark Claims service is a mandatory trademark protection mechanism. One of its functions is to alert trademark holders when somebody tries to register their mark in a new gTLD.
It’s only mandatory for the first 60 days following the launch of a new gTLD, but I’m in agreement with the IP community here – in an ideal world, it would be permanent.
However, commercial services already exist that do pretty much the same thing, and ICANN doesn’t want to anoint a monopoly provider to start competing with its stakeholders. As Pritz put it:

“IP Watch” services are already provided by private firms, and it was not necessary for the rights protection mechanisms specific to the New gTLD Program to compete with those ongoing watch services already available.

In other words, brands are going to have to carry on paying if they want the ongoing benefits of an infringement notification service in new gTLDs.
When’s the second round?
Nothing new here. Pritz explains why the date for the second round has not been named yet.
Essentially, it’s a combination of not knowing how big the first round is going to be and not knowing how long it will take to conduct the two (or three) post-first-round reviews that ICANN has promised to the Governmental Advisory Committee.
I tackle the issue of second-round timing in considerable detail on DomainIncite PRO. My feeling is 2015.
On Whois verification
Pritz reiterates what ICANN CEO Rod Beckstrom told the Department of Commerce last week: ICANN expects that many registrars will start to verify their customers’ Whois data this year.
ICANN is currently talking to registrars about a new Registrar Accreditation Agreement that would mandate some unspecified degree of Whois verification.
This issue is at the top of the law enforcement wish list, and it was taken up with gusto by the Governmental Advisory Committee at the Dakar meeting in October.
Pritz wrote:

ICANN is currently in negotiations with its accredited registrars over amendments to the Registrar Accreditation Agreement. ICANN is negotiating amendments regarding to the verification of Whois data, and expects its accredited registrars to take action to meet the rising call for verification of data. ICANN expects that the RAA will incorporate – for the first time – Registrar commitments to verify Whois data.

He said ICANN expects to post the amendments for comment before the Costa Rica meeting in mid-March, and the measures would be in place before the first new gTLDs launch in 2013.
I’ve heard from a few registrars with knowledge of these talks that Whois verification mandates may be far from a dead-cert in the new RAA.
But by publicly stating to government, twice now, that Whois verification is expected, the registrars are under increased pressure to make it happen.
IF Whois verification is not among the RAA amendments, expect the registrars to get another dressing down from the GAC at the Costa Rica meeting this March.
On the other hand, ICANN has arguably handed them some negotiating leverage when it comes to extracting concessions, such as reduced fees.
The registrars were prodded into these talks with the GAC stick, the big question now is what kind of carrots they will be offered to adopt an RAA that will certainly raise their costs.
ICANN expects to post the proposed RAA changes for public comment by February 20.

Domain registrars pressured into huge shakeup

Kevin Murphy, October 26, 2011, Domain Registrars

Domain name registrars have agreed to negotiate big changes to their standard contract with ICANN, after getting a verbal kicking from the US and other governments.
While the decision to revamp the Registrar Accreditation Agreement was welcomed by intellectual property interests, it was criticized by non-commercial users worried about diluting privacy rights.
The ICANN registrar constituency said in a statement today that it will enter into talks with ICANN staff in an effort to get a new RAA agreed by March next year.
It’s an ambitious deadline, but registrars have come under fire this week over the perception that they have been using ICANN’s arcane processes to stonewall progress.
So, what’s going to change?
The registrars said that the negotiations will focus on 12 areas, originally put forward by international law enforcement agencies, that have been identified as “high priority”.
They cover items such as an obligation to disclose the names of registrants using privacy services, to work with law enforcement, and to tighten up relationships with resellers.
Here’s a list of all 12, taken from a recent ICANN summary report (pdf).
[table id=1 /]
The changes were first suggested two years ago, and ICANN’s increasingly powerful Governmental Advisory Committee this week expressed impatience with the lack of progress.
There’s a US-EU cybercrime summit coming up next month, and GAC members wanted to be able to report back to their superiors that they’ve got something done.
As I reported earlier in the week, the GAC gave the registrars a hard time at the ICANN meeting in Dakar on Sunday, and it took its concerns to the ICANN board yesterday.
“We are looking for immediate visible and credible action to mitigate criminal activity using the domain name system,” US GAC representative Suzanne Radell told the board.
She won support from Steve Crocker who, in his first meeting as ICANN’s chairman, has shown a less combative style than his predecessor when talking with governments.
He seemed to agree that progress on RAA amendments through the usual channels – namely the Generic Names Supporting Organization – had not met expectations.
“One of the things that is our responsibility at the board level is not only to oversee the process, not only to make sure rules are followed and that everything is fair, but at the end of the day, that it’s effective,” he said.
“If all we have is process, process, process, and it gets gamed or it’s ineffective just because it’s not structured right, then we have failed totally in our duty and our mission,” he said.
An immediate result of the registrars’ decision to get straight into talks was the removal of an Intellectual Property Constituency motion from today’s GNSO Council meeting.
The IPC had proposed that the RAA should be revised in a trilateral way, between the registrars, ICANN, and everyone else via the GNSO.
Yanking the motion, IPC representative Kristina Rosette warned that the IPC would bring it back to the table if the RAA talks do not address the 12 high-priority items.
It would be unlikely to pass – registrars and registries vote against anything that would allow outside interests to meddle in their contracts, and they have the voting power to block such motions.
The ideas in the motion nevertheless stirred some passionate debate.
Tucows CEO Elliot Noss described the GAC’s heavy-handed criticisms as “kabuki theater” and “an attempt to bring politics as usual into the multi-stakeholder process” and said the RAA is not the best way to add protections to the DNS.
“Getting enforcement-type provisions, be they law enforcement or IP protections, into the RAA accomplishes only one thing. It turns the ICANN compliance department into a police department,” he said.
Wendy Seltzer, representing the Non-Commercial Users Constituency, said the changes proposed to the RAA “would reduce the privacy of registrants” and put them at increased risk of domain take-downs.
A broader issue is that even after a new RAA is negotiated registrars will be under no obligation to sign up to it until their current contracts expire.
Because many leading registrars signed their last contract after it was revised in 2009, it could be three or four years before the new RAA has any impact.
I’m not sure it’s going to be enough to fully satisfy the GAC.
Radell, for example, said yesterday that some items – such as the registrar obligation to publish an abuse contact – should be brought in through a voluntary code of conduct in the short term.
She also called for the 20% of registrars deemed to be bad actors (not a scientifically arrived-at number) should be de-accredited by ICANN.
UPDATE (October 27): Mason Cole of the registrars constituency has been in touch to say that the RAA talks will not only look at the 12 “high priority” or law enforcement recommendations.
Rather, he said, “there will be consideration of a broader range of issues.”
This appears to be consistent with the registrars’ original statement, which was linked to in the above post:

The negotiations are in response to the development of a list of recommendations made by law enforcement agencies and the broader Internet community to provide increased protections for registrants and greater security overall.

Facebok.com given to Facebook despite “theft” claim

Kevin Murphy, May 30, 2011, Domain Policy

ICANN says registrar contract trumps national court. Registrar warns of legal consequences.
The typo domain name facebok.com has finally been returned to Facebook, over eight months after it was subject to a successful cyberquatting complaint.
The domain does not currently resolve, but Whois records show it was transferred to Facebook from its previous registrant, one “Franz Bauer”, last Thursday.
The case was marked by controversy, after ICANN threatened to shut down its sponsoring registrar, EuroDNS, for failing to transfer the domain last within 10 days, as required by UDRP rules.
EuroDNS had resisted the transfer after being named in a lawsuit, in its native Luxembourg, filed by a suspicious Panama shell company going by the name Facebok.com. The plaintiff claimed the domain had been “stolen” by Bauer.
But ICANN told the registrar last week that the Registrar Accreditation Agreement only allows the registrar to defer a transfer if the original registrant – not a third party – sues.
In a letter noting that EuroDNS is “a long-standing and respected member of the ICANN community”, the ICANN compliance department said:

the only kind of documentation that will stop the registrar from implementing a panel decision ordering a transfer is evidence that the registrant/respondent has commenced a lawsuit against the complainant in a jurisdiction to which the complainant has submitted under UDRP Rules. The mere filing of a complaint by a third party does not excuse the registrar from fulfilling its obligations under the policy.

in recognition that there has been a court filing, ICANN must reiterate that failing to comply with the relevant contractual provisions of the RAA subjects EuroDNS to escalated compliance action up to and including termination of the EuroDNS accreditation.

That seems to have been sufficient clarity for EuroDNS to push through the transfer, but the registrar is not happy about the situation, which may leave it in a tricky legal position in Luxembourg.
In a reply to ICANN, EuroDNS CEO Xavier Buck suggested that the story may not be over yet:

the action you demand from EuroDNS will have tremendous consequences for our company in the pending judiciary case.
Consequently, EuroDNS reserves all rights to seek indemnification from ICANN for any damages or loss caused by the action we have been forced to take not to lose our Registrar accreditation.

The lawsuit was filed last September, just days after the UDRP case was decided, but has not yet gone to court.
Under its previous ownership, facebok.com redirected to a series of scam sites that may have proved rather lucrative.

Three registrars face the ICANN chop

Kevin Murphy, November 24, 2010, Domain Registrars

ICANN has told three registrars they are in breach of their registrar contracts and will lose their accreditation next month unless they rectify the problems.
These registrars, all of which appear to have negligible numbers of gTLD domains under management, are affected:
Mister Name will be shut down if it does not pay its ICANN fees and escrow its Whois data.
Open System Ltd is accused of not having a functioning Whois service.
Best Bulk Domains Inc also doesn’t have a functioning Whois, ICANN said. It also has not been paying its dues and hasn’t maintained accurate contact information for itself.
All three have dates in mid-December to clean up their acts or lose their right to sell gTLD domains.
You can find ICANN’s compliance letters here.

Two registrars get stay of execution

Kevin Murphy, August 19, 2010, Domain Registrars

ICANN has given two registrars another year of accreditation, after previously threatening to terminate their contracts for non-payment of fees.
Abansys & Hostytec and Namehouse, two small registrars, have had the terms of their registrar accreditation agreements extended to August 15, 2011 and July 6, 2011, respectively.
In June, ICANN had told both companies they would be de-accredited on July 1, 2010. Together, the two firms owed almost $20,000 in unpaid fees.
Yesterday, a small note appeared on ICANN’s compliance page:

18 August 2010: Abansys & Hostytec, S.L. RAA effective date extended to 15 August 2011.
18 August 2010: Namehouse, Inc. RAA effective date extended to 6 July 2011.

It’s not entirely clear to me whether this means the registrars have paid up or not. Unlike previous occasions, there’s no mention of whether the companies “cured all outstanding contract breaches”.
According to DotAndCo.net, neither registrar has any domains under management in the gTLDs, although Abansys & Hostytec claims to run over 100,000 domains.

Registrars responsible for proxy cybersquatters

Domain name registrars can be liable when their customers break the law, if those customers use a privacy service, according to new ICANN guidance.
The ICANN advisory clarifies the most recent Registrar Accreditation Agreement, and seems primarily pertinent to UDRP cases where the registrar refuses to cooperate with the arbitrator’s request for proper Whois records.
The advisory says:

a Registered Name Holder licensing the use of a domain is liable for harm caused by the wrongful use of the domain unless the Registered Name Holder promptly identifies the licensee to a party providing the Registered Name Holder with reasonable evidence of actionable harm

In other words, if a domain gets hit with a UDRP claim or trademark infringement lawsuit, as far as the RAA is concerned the proxy service is the legal registrant unless the registrar quickly hands over its customer’s details.
Law enforcement and intellectual property interests have been complaining about registrars refusing to do so for years, most recently in comments on ICANN’s Whois accuracy study.
ICANN offers a definition of the word “promptly” as “within five business days” and “reasonable evidence” as trademark ownership and evidence of infringement.
I don’t think this ICANN guidance will have much of an impact on privacy services offered by the big registrars, which generally seem quite happy to hand over customer identities on demand.
Instead, this looks like it could be the start of a broader ICANN crackdown on certain non-US registrars offering “bulletproof” registrations to cybersquatters and other ne’er-do-wells.
I wouldn’t be surprised to find the number of ICANN de-accreditations citing refusal to cooperate with UDRP claims increasing in future.
The new ICANN document is a draft, and you can comment on it here.

Twenty registrars canned in 2009

Kevin Murphy, April 30, 2010, Domain Registrars

ICANN shut down 20 domain name registrars in 2009, and is on course to do the same this year, according to numbers released today.
That’s up from seven de-accreditations in 2008, and twice as many as the previous record year, 2003.
ICANN can withdraw accreditation from a registrar, stopping its ability to register domains, if the registrar fails to escrow Whois information or pay its ICANN dues.
It looks like 2010 could well see a similar level of de-accreditations.
Five registrars were shuttered in the first quarter, and ICANN has sent warnings to five more this month.