Recent Posts
- Another country jumps on the .ai bandwagon
- ICANN lays out new rules for navel-gazing
- Surprising nobody, ICANN calls off Oman meeting
- Four registrars get terminated
- ICANN director and African internet pioneer Barrett dies
- Government to put the squeeze on .me registry partners
- More cheap new gTLD applications approved
- Nominet outsources cybersquatting disputes to WIPO
- Whois about to get even more useless
- Agentic AI has ICANN in a pickle
- .pay sunrise going gangbusters
- Nominet dodges millions in member refunds
- Identity Digital takes over 25-year-old TLD
- Ask.com hits the market as Jeeves breathes his last
- ICANN throws a bone to its most stubborn new gTLD applicant
- Cops get special Whois access rights
- Identity Digital acquires another dormant gTLD
- Verisign to delete .name 3LDs and email addresses
- Four more deadbeat registrars face firing squad
- ICANN punts on Oman meeting decision
- DNSSEC claims another registry victim
- .music has competition as .mu repositions
- Over 100 new gTLD bids have already been announced
- 2026 new gTLD round has actually opened
- Nominet wants to fight shrinkage without self-abuse
- Verisign cranks up guidance as .com swells
- More Verisign bitchiness as .com price rise revealed
- Is a .tree gTLD very cool or very silly?
- The internet just got its first new TLD since 2022
- Kid-friendly domains could be reborn
- Shrinking .us TLD is up for grabs
- Namecheap saw 116,000 phishing attacks last year
- .io safe for now as Trump puts Chagos deal on ice
- Amazon sells three gTLDs to Identity Digital
- .radio’s new owners might have a fight on their hands
- WIPO doubles the speed of UDRP cases
- Amazon joining GlobalBlock
- Unstoppable buys 10 new registrars
- ICANN cleaning house, cans four more registrars
- ICANN to throw millions more at cheapo gTLDs
- Introducing Stringtel, my new free new gTLD tool
- GlobalBlock signs the two best deals it will ever get
- Seven registrars get terminated
- GoDaddy launches DomainMaxxing to optimize your domains
- .latino gTLD to launch soon
- Amazon readies .pay gTLD
- Nominet reveals first DNS tech funding recipients
- ICANN hit with tinfoil-hat lawsuit
- .pn relaunches — you’ll never guess what they say it means
- Unstoppable focuses on proper domains, admits crypto was “craze”
- ICANN boss: no plans to scrap Oman meeting
- China domains dip in 2026
- ICANN maps out new gTLD timeline
- War disrupts ICANN 85
- Namecheap abandons fight for .org price caps
- Identity Digital acquires another gTLD
- Seven dead registrars on the out
- Sav.com owner takes over .radio gTLD
- .com zone tops 160 million domains
- ai.com, the most-expensive domain sale ever
- .ai hits seven figures, raises prices
- Typosquatter gets two years in jail
- Epstein low-balled registrants to get his exact-match domain
- Epstein bought “mother” domains for Fergie while serving time
- Two former ICANN directors want back in
- Former ICANN director could lose control of ccTLD
- UK launches “police.ai”, but does it own the domain?
- Team Internet still in talks to sell off domains unit
- NamesCon returning to Miami in November
- “Mad Dog” politician registers nazis.us, redirects to Trump admin site
- “Lowest Price Guaranteed!” $48 .com registrar canned
- No RDAP? No accreditation
- Fifth-largest gTLD not dead after all
- Half of registrar’s domains are abusive, ICANN says
- Burr joins PIR after leaving ICANN board
- Refunds galore as gTLD losers finally bow out
- .goo terminated as search engine closes down
- GoDaddy to offer domain blocking to people who don’t have trademarks
- Happy new year expected for domain industry, says ICANN
- Salesforce to apply for a dot-brand
- Team Internet looking to break up
- Noss to leave Tucows corner office
- Rubens Kühl has died
- Sinha angry with Chapman’s firing as ICANN vice chair
- Glitch redux: ICANN screws up new gTLD security again
- CentralNic claims second-largest TLD migration ever
- DNS issue at Amazon takes out major apps and sites
- .io sales almost double over three years
- Amazon delays book and fashion gTLDs
- Lindqvist shuffles the exec deck
- GoDaddy launches “ultra-premium” domain marketplace
- .mobi to get a new rival in .mobile
- Bye-bye .boomer! Blockchain players abandon new gTLD plans
- Decades-old US registrar gets a spanking
- love.you sold in apparent five-figure deal
- Bogus harassment complaints could get you an ICANN ban
- ICANN slaps open-mic ban on conflicted lawyers
- Final GTFO warning for 19 failed new gTLD bids
- Nominet opens $500,000 fund for open source projects
- Com Laude buys larger rival Markmonitor
- Epik took down Charlie Kirk doxing site
- Number of subsidized gTLD bidders far lower than thought
- Another registrar goes AWOL
- gTLD loses its second-largest registrar after breach
- Com Laude buys Fairwinds
- Unstoppable wants to be a registry back-end
- Sixteen new gTLD bids could face the firing squad
- Registry to release one-letter domains tomorrow
- New ICANN funding rules will cost smaller ccTLDs more
- .ai rival lines up gTLD bid
- Team Internet lays off 200
- Sixteen more orgs vie for cheap gTLDs, but…
- So who’s registering sunrise domains these days?
- Cloud gTLD gets launch dates
- Governments say new gTLD program “credibility” at stake
- NIXI planning doomed new gTLD bids
- AI experts replace Chapman on ICANN board
- RDRS may not be dead
- Single-letter .com lawsuit thrown out of court
- Golding challenges McCarthy for Nominet board seat
- Three applicants qualify for cheapo gTLDs
- Blockchain crisis looming for new gTLD next round
- Two more dot-brands leave Verisign for GoDaddy
- ICANN looking at new bulk reg rules
- Reseller loss hits Tucows’ DUM but not revenue
Whois privacy reforms incoming
Whois privacy services will become regulated by ICANN under proposals published today, but there’s a big disagreement about whether all companies should be allowed to use them.
A working group has released the first draft of its recommendations covering privacy and proxy services, which mask the identity and contact details of domain registrants.
The report says that P/P services should be accredited by ICANN much like registrars are today.
Registrars should be obliged to disclose which such services they operate or are affilated with, presumably at the risk of their Registrar Accreditation Agreement if they do not comply, the report recommends.
A highlight of the paper is a set of proposed rules governing the release of private Whois data when it is requested by intellectual property interests.
Under the proposed rules, privacy services would not be allowed to reject such requests purely because the alleged infringement deals with the content of a web site rather than just the domain.
So the identity of a private registrant of a non-infringing domain would be vulnerable to disclosure if, for example, the domain hosted bootleg content.
Registrars would be able to charge IP owners a nominal “cost recovery” fee in order to process requests and would be able to ignore spammy automated requests that did not appear to have been manually vetted.
There’d be a new arbitration process that would kick in to resolve disputes between IP interests and P/P service providers.
The 98 pages of recommendations (pdf) were drafted by the Generic Names Supporting Organization’s Privacy & Proxy Services Accreditation Issues Working Group (PPSAI) and opened for public comment today.
There are a lot of gaps in the report. Work, it seems, still needs to be done.
For example, it acknowledges that the working group didn’t reach any conclusions about what should happen when law enforcement agencies ask for private data.
The group was dominated by registrars and IP interests. There was only one LEA representative and only one governmental representative, and they participated in a very small number of teleconferences.
There was also a sharp division on the issue of who should be able to use privacy services, with two dissenting opinions attached to the report.
One faction, led by MarkMonitor and including Facebook, Domain Tools and fake pharmacy watchdog LegitScript, said that any company that engages in e-commerce transactions should be ineligible for privacy, saying: “Transparent information helps prevent malicious activity”.
Another group, comprising a handful of non-commercial stakeholders, said that no kind of activity should prevent you from registering a domain privately, pointing to the example of persecuted political groups using web sites to raise funds.
There was a general consensus, however, than merely being a commercial entity should not alone exclude you from using a P/P service.
Currently, registrar signatories to the 2013 RAA are bound by a temporary P/P policy that is set to expire January 2017 or whenever the P/P accreditation process starts.
There are a lot of recommendations in the report, and I’ve only touched on a handful here. The public comment period closes July 7.
Verisign adds 750,000 .com names instantly with reporting change
Verisign has boosted its reportable .com domain count by almost 750,000 by starting to count expired and suspended names.
The change in methodology, which is a by-product of ICANN’s much more stringent Whois accuracy regime, happened on Friday afternoon.
Before the change, the company reported on its web site that there were 116,788,107 domains in the .com zone file, with another 167,788 names that were registered but not configured.
That’s a total of 116,955,895 domains.
But just a few hours later, the same web page said .com had a total of 117,704,800 names in its “Domain Name Base”.
That’s a leap of 748,905 pretty much instantly; the number of names in the zone file did not move.
.net jumped 111,110 names to 15,143,356.
The reason for the sudden spikes is that Verisign is now including two types of domain in its count that it did not previously. The web page states:
Beginning with the first quarter, 2015, the domain name base on this website and in subsequent filings found in the Investor Relations site includes domains that are in a client or server hold status.
I suspect that the bulk of the 750,000 newly reported names are on clientHold status, which I believe is used much more often than serverHold.
The clientHold EPP code is often applied by registrars to domains that have expired.
However, registrars signed up to the year-old 2013 Registrar Accreditation Agreement are obliged by ICANN to place domains on clientHold status if registrants fail to respond within 15 days to a Whois verification email.
The 2013 RAA reads (my emphasis):
Upon the occurrence of a Registered Name Holder’s willful provision of inaccurate or unreliable WHOIS information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen (15) calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder’s registration, Registrar shall either terminate or suspend the Registered Name Holder’s Registered Name or place such registration on clientHold and clientTransferProhibited, until such time as Registrar has validated the information provided by the Registered Name Holder.
Last June, registrars claimed that the new policy — which came after pressure from law enforcement — had resulted in over 800,000 domains being suspended.
It’s an ongoing point of contention between ICANN, its registrars, and cops.
Verisign changing its reporting methodology may well be a reaction to this increase in the number of clientHold domains.
While its top-line figure has taken a sharp one-off boost, it will still permit daily apples-to-apples comparisons on an ongoing basis.
UPDATE:
My assumption about the link to the 2013 RAA was correct.
Verisign CFO George Kilguss told analysts on February 5.
Over the last several years, the average amount of names in the on-hold status category has been approximately 400,000 names and the net change year-over-year has been very small.
While still immaterial, during 2014, we saw an increase in the amount of names registrars have placed on hold status, which appears to be a result of these registrars complying with the new mandated compliance mechanisms in ICANN’s 2013 Registrar Accreditation Agreement or RAA.
In 2014, we saw an increase in domain names placed on hold status from roughly 394,000 names at the end of 2013 to about 870,000 at the end of 2014.
Google leaks 282,000 private Whois records
Google has accidentally revealed registrant contact information for 282,867 domain names that were supposed to be protected by a privacy service.
The bug reportedly affected 94% of the 305,925 domains registered via Google Apps, an eNom reseller.
The glitch was discovered by Cisco and reported to Google February 19. It has since been fixed and customers were notified yesterday.
Google acknowledged in an email to customers that the problem was caused by a “software defect in the Google Apps domain renewal system”.
It seems that anyone who acquired a domain with privacy through Google Apps since mid-2013 and has since renewed the registration will have had their identities unmasked in Whois upon renewal.
Names, addresses, emails and phone numbers were revealed.
Due to services such as DomainTools, which cache Whois records, there’s no putting the genie back in the bottle. The information is out there for good now.
It’s a pretty major embarrassment for Google, which recently launched its own registrar.
Nominet to give nod to .uk privacy services
Nominet plans to start accrediting proxy/privacy services in .uk domain names, and to make it easier to opt-out of having your full contact details published in Whois.
The proposed policy changes are outlined in a consultation opened this morning.
“We’ve never recognized privacy services,” director of policy Eleanor Bradley told DI. “If you’ve registered a .uk with a privacy service, we consider the privacy service to be the registrant of that domain name.”
“We’ve been pretending almost that they didn’t exist,” she said.
Under the proposed new regime, registrars would submit a customer’s full contact details to Nominet, but Nominet would publish the privacy service’s information in the domain’s Whois output.
Nominet, getting its hands on the customer data for the first time, would therefore start treating the end customer as the true registrant of the domain.
The company says that introducing the service would require minimal work and that it does not intend to charge registrars an additional fee.
Currently, use of privacy services in .uk is pretty low — just 0.7% of its domains, up from 0.09% a year ago.
Bradley said such services are becoming increasingly popular due to some large UK registrars beginning to offer them.
One of the reasons for low penetration is that quite a lot of privacy is already baked in to the .uk Whois database.
If you’re an individual, as opposed to a “trading” business, you’re allowed to opt-out of having any personal details other than your name published in Whois.
A second proposed reform would make that opt-out available to a broader spectrum of registrants, Nominet says.
“We’ve found over the last few years that it’s quite a hard distinction to draw,” Bradley said. “We’ve had some criticisms for our overly strict application of that.”
In future, the opt-out would be available according to these criteria:
i. The registrant must be an individual; and,
ii. The domain name must not be used:
a) to transact with customers (merchant websites);
b) to collect personal data from subjects (ie data controllers as defined in the Data Protection Act);
c) to primarily advertise or promote goods, services, or facilities.
The changes would allow an individual blogger to monetize her site with advertising without being considered a “trading” entity, according to Nominet.
But a line would be drawn where an individual collected personal data on users, such as email addresses for a mailing list, Bradley said.
Nominet says in its consultation documents:
Our continued commitment to Nominet’s role as the central register of data will enable us to properly protect registrants’ rights, release contact data where necessary under the existing exemptions, and maintain public confidence in the register. It acknowledges that some registrants may desire privacy, whilst prioritising the core function of the registry in holding accurate records.
The proposals are open for comments until June 3, which means they could potentially become policy later this year.
Here’s how the new number two new gTLD got so big so quick
Attentive DI readers will recall my journalistic meltdown last week, when I tried to figure out how the Chinese new gTLD .网址 managed to hit #2 in the new gTLD zone file size league table, apparently shifting a quarter of a million names in a week.
Well, after conversations with well-placed sources here at NamesCon in Las Vegas this week, I’ve figured it out.
.网址 is the Chinese for “.url”.
Its rapid growth — hitting 352,000 names today — can be attributed primarily to two factors.
First, these weren’t regular sales. The registry, Knet, which acquired original applicant Hu Yi last year, operates a keyword-based navigation system in China that predates Chinese-script gTLDs.
The company has simply grandfathered its keyword customers into .网址, I’m told.
The keyword system allows Latin-script domains too, which explains the large number of western brands that appear in the .网址 zone.
The second reason for the huge bump is the fact that many of the domains are essentially duplicates.
Chinese script has “traditional” and “simplified” characters, and in many cases domains in .网址 are simply the traditional equivalents of the simplified versions.
I understand that these duplicates may account for something like 30% of the zone file.
I’ve been unable to figure out definitively why the .网址 Whois database appeared to be so borked.
As I noted last week, every domain in the .网址 space had a Knet email address listed in its registrant, admin and technical contact fields.
It seems that Knet was substituting the original email addresses with its own when Whois queries were made over port 43, rather than via its own web site.
Its own Whois site (which doesn’t work for me) returned the genuine email addresses, but third-party Whois services such as DomainTools and ICANN returned the bogus data.
Whether Knet did this by accident or design, I don’t know, but it would have almost certainly have been a violation of its contractual commitments under its ICANN Registry Agreement.
However, as of today, third-party Whois tools are now returning the genuine Whois records, so whatever the reason was, it appears to be no longer an issue.
The new massive number two new gTLD has me paralyzed with confusion
The Chinese-script gTLD .网址 powered to the number two spot in the new gTLD rankings by zone file size this week, but it’s doing some things very strangely.
.网址 is Chinese for “.site”, “.url” or “.webaddress”.
The registry is Hu Yi Global, ostensibly a Hong Kong-based registrar but, judging by IANA’s records, actually part of its Beijing-based back-end Knet.
I’m going to come out and admit it: even after a few hours research I still don’t know a heck of a lot about these guys. The language barrier has got me, and the data is just weird.
These are the things I can tell you:
- .网址 has 352,727 domains in its zone file today, up by about a quarter of a million names since the start of the week.
- The names all seem to be using knet.cn name servers
- I don’t think any of them resolve on the web. I tried loads and couldn’t find so much as a parking page. Google is only aware of about eight resolving .网址 pages.
- They all seem to have been registered via the same Chinese registrar, which goes by the name of ZDNS (also providing DNS for the TLD itself).
- They all seem to be registered with “nameinfo@knet.com” in the email address field for the registrant, admin and technical contacts in Whois, even when the registrants are different.
- That’s even true for dozens of famous trademarks I checked — whether it’s the Bank of China or Alexander McQueen, they’re all using nameinfo@knet.cn as their email address.
- I’ve been unable to find a Whois record with a completed Registrant Organization field.
- Nobody seems to be selling these things. ZDNS (officially Internet Domain Name System Beijing Engineering Research Center) is apparently the only registrar to sell any so far and its web site doesn’t say a damn thing about .网址. The registry’s official nic.网址 site doesn’t even have any information about how to buy one either.
- ZDNS hasn’t sold a single domain in any other gTLD.
- News reports in China, linked to from the registry’s web site, boast about how .网址 is the biggest IDN TLD out there.
So what’s going on here? Are we looking at a Chinese .xyz? A bunch of registry-reserved names? A seriously borked Whois?
Don’t expect any answers from DI today on this one. I’ve been staring at Chinese characters for hours and my brain is addled.
I give up. You tell me.
.uk suspension problems worse than I thought
Problems validating the addresses of .uk domain registrants, which caused one registrar to dump the TLD entirely, are broader than I reported yesterday.
Cronon, which does business as Strato, announced last week that it has stopped selling .uk domain names because in more than a third of cases Nominet, the registry, is unable to validate the Whois data.
In many cases the domain is subsequently suspended, causing customer support headaches.
It now transpires that the problems are not limited to .uk second-level names, are not limited to UK registrants, and are not caused primarily by mailing address validation failures.
Michael Shohat, head of registrar services at Cronon, got in touch last night to clarify that most of its affected customers are in fact from its native Germany or from the Netherlands.
All of the affected names are .co.uk names, not .uk SLDs, he added.
And the validation is failing in the large majority of cases not due to Nominet’s inability to validate a mailing address, but rather its inability to validate the identity of the registrant.
“This is where the verification is failing. The database they are using can’t find many of our registrants’ company names,” Shohat said.
“So 30% of our registrations were being put on hold, almost all of them from [Germany] and [the Netherlands], and 90% of them because of the company name. We checked lots of them and in every single case the name of the company was correct, and the address as well,” he said.
Michele Neylon of the ICANN Registrar Stakeholders Group said that Cronon is not the only registrar to have been affected by these issues. Blacknight Solutions, the registrar Neylon runs, has been complaining about the problem since May.
According to Neylon, the Nominet policy causing the issue is its data quality policy, which covers all .uk and .co.uk (etc) names.
The policy itself is pretty vague — Nominet basically says it will work with each individual registrar to determine a baseline of what can be considered a “minimum proportion of valid data”, given the geographic makeup of the registrar’s customer base.
Domains that fail to meet these criteria have a “Data Quality Lock” imposed — essentially a suspension of the domain’s ability to resolve.
Earlier this year, Nominet did backtrack on plans to implement an automatic cancellation of the names after 30 days of non-compliance, following feedback from its registrars.
“It’s disappointing that Cronon have taken this step; we hope they will consider working with us to find a way to move forward,” a Nominet spokesperson added.
She said that the registry has over recent years moved to “more proactive enforcement” of Whois accuracy. She pointed out that Nominet takes on the “lion’s share of the work”, reducing the burden on registrars.
“However, our solution does not include non-UK data sets to cross-reference with, so it is possible that some false positives occur,” she said. “Registrars with a large non-UK registrant bases, who are not accredited channel partners, would be affected more than others.”
An Accredited Channel Partner is the top tier of the three Nominet offers to registrars. It has additional data validation requirements but additional benefits.
While .co.uk domains are not limited to UK-based registrants, all .uk SLD registrants do need to have a UK mailing address in their Whois for legal service.
The company’s inability to validate many non-UK business identities seems to mean .co.uk could also slowly become a UK-only space by the back door.
Big registrar dumps .uk — a glimpse of Christmas future?
German registrar Cronon, which retails domains under the Strato brand, has stopped carrying .uk domains due to what it says are onerous Whois validation rules.
In a blog post, company spokesperson Christina Witt said that over one third of all .uk sales the registrar has been making are failing Nominet’s registry-end validation checks, which she said are “buggy”.
With the introduction of direct second-level registration under .uk, Nominet introduced a new requirement that all new domains must have a UK address in the Whois for legal service, even if the registrant is based overseas.
According to its web site, Nominet checks registrant addresses against the Royal Mail Postcode Address file, which contains over 29 million UK addresses, and does a confidence-based match.
If attempts to match the supplied address with a UK address in this file prove fruitless, and after outreach to the registrant, Nominet suspends the domain 30 days after registration and eventually deletes it.
It’s this policy of terminating domains that has caused Strato to despair and stop accepting new .uk registrations.
“Databases of street directories or company registers are often inaccurate and out of date,” Witt wrote (translated from the original German). “The result: addresses that are not wrong, in fact, are be found to be invalid.”
Nominet is throwing back over a third of all .uk names registered via Strato, according to the blog post, creating a customer support nightmare.
Its affected registrants are also confused about the verification emails they receive from Nominet, a foreign company of which they have often never heard, Witt wrote.
I don’t know how many .uk names the registrar has under management, but it’s reasonably large in the gTLD space, with roughly 650,000 domains under management at the last count.
If Strato’s claim that Nominet is rejecting a third of valid addresses (and how Strato could know they’re valid is open to question), that’s quite a scary statistic.
Nominet seems to be using an address database, from the Royal Mail, which is about as close to definitive as it gets. And it’s only verifying addresses from a single country.
I shudder to imagine what the false negative rate would be like for a gTLD registrar compelled to validate addresses across 200-odd countries and territories.
The latest version of the ICANN Registrar Accreditation Agreement requires registrars to partially validate addresses, such as checking whether the street and postal code exist in the given city, but there’s no requirement for domains to be suspended if these checks fail.
[UPDATE: Thanks to Michele Neylon of the Registrars Stakeholder Group for the reminder that this RAA requirement hasn’t actually come into force yet, and won’t until the RrSG and ICANN come to terms on its technical and commercial feasibility.]
Where the 2013 RAA does require suspension is when the registrant fails to verify their email address (or, less commonly, phone number), which as we’ve seen over the last year leads to hundreds of thousands of names being yanked for no good reason.
If Strato’s story about .uk is correct and its experience shared by other registrars, I expect that will become and important data point the next time law enforcement or other interests push for even stricter Whois rules in the ICANN world.
DreamHost hit with big breach notice
DreamHost, a web hosting provider which says it hosts over 1.3 million web sites, has been hit with a lengthy ICANN compliance notice, largely concerning alleged Whois failures.
The breach notice raises questions about the company’s popular free Whois privacy service.
Chiefly, DreamHost has failed to demonstrate that it properly investigates Whois inaccuracy complaints, as required by the Registrar Accreditation Agreement, according to ICANN.
The notice contains numerous other complaints about alleged failures to publish information about renewal fees, its directors and abuse contacts on its web site.
The domain highlighted by ICANN in relation to the Whois failure is senect.com
ICANN sent three compliance notices to DreamHost concerning a Whois inaccuracy report for the domain name
and requested DreamHost demonstrate that it took reasonable steps to investigate the Whois inaccuracy claims. DreamHost’s failure to provide documentation demonstrating the reasonable steps it took to investigate and correct the alleged Whois inaccuracy is a breach of Section 3.7.8 of the RAA.
Weirdly, senect.com has been under private registration at DreamHost since the start of 2012.
ICANN seems to be asking the registrar to investigate itself in this case.
DreamHost offers private registration to its customers for free. It populates the Whois with proxy contact information and the registrant name “A Happy DreamHost Customer”.
DomainTools associates “A Happy DreamHost Customer” with over 710,000 domain names.
As an accredited registrar, DreamHost had over 822,000 gTLD domain names at the last count. According to its web site, it has over 400,000 customers.
The breach notice also demands the company immediately start including the real contact information for its privacy/proxy customers in its data escrow deposits.
ICANN has given the company until November 21 to resolve a laundry list of alleged RAA breaches, or risk losing its accreditation.
A million domains taken down by email checks
Over 800,000 domain names have been suspended since the beginning of the year as a result of Whois email verification rules in the new ICANN Registrar Accreditation Agreement.
That’s according to the Registrars Stakeholder Group, which collected suspension data from registrars representing about 75% of all registered gTLD domain names.
The actual number of suspended domains could be closer to a million.
The 2013 RAA requires registrars to verify the email addresses listed in their customers’ Whois records. If they don’t receive the verification, they have to suspend the domain.
The RrSG told the ICANN board in March that these checks were doing more harm than good and today Tucows CEO Elliot Noss presented, as promised, data to back up the claim.
“There have been over 800,000 domains suspended,” Noss said. “We have stories of healthcare sites that have gone down, community groups whose sites have gone down.”
“I think we can safely say millions of internet users,” he said. “Those are real people just trying to use the internet. They are our great unrepresented core constituency.”
The RrSG wants to see contrasting data from law enforcement agencies and governments — which pushed hard for Whois verification — showing that the RAA requirement has had a demonstrable benefit.
Registrars asked at the Singapore meeting in March that law enforcement agencies (LEA) be put on notice that they can’t ask for more Whois controls until they’ve provided such data and ICANN CEO Fadi Chehade said “It shall be done by London.”
Noss implied that the majority of the 800,000 suspended names belong to innocent registrants, such as those who had simply changed email addresses since registering their names.
“What was a lovely political win that we said time and time again in discussion after discussion was impractical and would provide no benefit, has demonstrably has created harm,” Noss said.
He was received with cautious support by ICANN board members.
Chair Steve Crocker wonder aloud how many of the 800,000 suspended domains are owned by bad guys, and he noted that LEA don’t appear to gather data in the way that the registrars are demanding.
“We were subjected, all of us, to heavy-duty pressure from the law enforcement community over a long period of time. We finally said, ‘Okay, we hear you and we’ll help you get this stuff implemented,'”, he added. “That creates an obligation as far as I’m concerned on their part.”
“We’re in a — at least from a moral position — in a strong position to say, ‘You must help us understand this. Otherwise, you’re not doing your part of the job'”, he said.
Chehade also seemed to support the registrars’ position that LEA needs to justify its demands and offered to take their data and concerns to the LEA and the Governmental Advisory Committee.
“They put restrictions on us that are causing harm, according to these numbers,” he said. “Let’s take this back at them and say, hey, you ask for all these things, this is what happened.”
“If you can’t tell me what good this has done, be aware not to come back and ask for more,” he said. “I’m with you on this 100%. I’m saying let’s use the great findings you seem to have a found and well-package them in a case and I will be your advocate.”
Director Mike Silber also spoke in support of the RrSG’s position.
“My view is if what you are saying is correct, the LEA’s have blown their credibility,” he said. “They’re going to have to do a lot of work before we impose similar disproportional requirements on actors that are not proven to be bad actors.”
So what does this all mean for registrants?
I don’t think there’s any ongoing process right now to get the Whois verification requirements overturned — that would require a renegotiation of the RAA — but it does seem to mean demands from governments and police are going to have to be much more substantiated in future.
Noss attempted to link the problem to the recommendations of the Whois Expert Working Group (EWG), which propose a completely revamped, centralized Whois system with much more verification and not much to benefit registrants.
To paraphrase: if email verification causes so much harm, what harms could be caused by the EWG proposal?
The EWG was not stuffed with LEA or governments, however, so it couldn’t really be characterized as another set of unreasonable demands from the same entities.
Recent Comments