Thursday, April 19, 2018

The Vatican launches 4 new gTLDs

The Trademark Clearinghouse just published the dates for 4 Sunrise Periods. The Vatican is launching four "catholic" new gTLDs, one ASCII and three IDNs:
  1. The .CATHOLIC new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  2. The .天主教 (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  3. The .كاثوليك (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  4. The .католик (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
What for?
What the .CATHOLIC new gTLD application says: "The mission⁄purpose of the .catholic TLD is to share the teachings, message and values of the Catholic Church with its own members and with the wider global community, by creating a dedicated, authoritative online space for the exclusive use of the Catholic Church and its constituent institutions, including dioceses, religious orders, institutes of consecrated life and organizations affiliated to the Catholic Church, and for the benefit of its adherents globally. The .catholic TLD will serve as an important method of communication for the Church, by establishing a formal and official channel for online communications via the appropriate channels of the Catholic Church. This function of the TLD is consistent with the Church’s core activities, as communication is important in the life of the Church insofar as it facilitates the sharing of information and helps build a sense of community and belonging amongst its adherents. The .catholic TLD will complement the Church’s long established global network of communications activities including print and digital media, television and radio".

Who for?
The applications says that these domain names won't be available for registration (note that this can change): "All domain name registrations in the .catholic TLD will be registered to, and maintained by, the PCCS for the exclusive use of the PCCS and the constituent institutions of the Church. The PCCS will not sell, distribute or transfer control or use of any registration in the TLD to any third party that is not identified within the TLD Catholic Community. As such, individual adherents will not be eligible to register or be granted use of .catholic domain names. Dioceses, religious orders and institutions as found in the “Annuario Pontificio” (the official annual directory of all the institutions related to the Holy See) are recognised as members of the TLD Catholic Community, by virtue of their being formally recognised by the Catholic Church. This recognition is primarily, though not exclusively, evidenced by inclusion in the Annuario Pontificio. The PCCS will maintain a list of institutions formally recognised by the Holy See as falling within the Catholic Church.
Each diocese, official religious order of the Catholic Church and Church-affiliated institution, may be granted use of an associated .catholic domain name to facilitate the establishment of formal and official channels of online communication for the Catholic Church, and promote the overall mission⁄purpose of the .catholic TLD. The use of the domain names by these institutions is subject to internal acceptable use policies".

Religious new gTLDs
Once a month we update new gTLD registration volumes for Religion at Jovenet Consulting, check for "religions" in our list of reports.

Check the Trademark Clearinghouse Calendar for more.

Wednesday, April 18, 2018

(UPDATE) Phishing: let's be frank

I just finished a procedure which consisted in declaring a domain name hosting a phishing operation and it took one month "for the procedure to end". The domain name is still active and, according to the ICANN, the Registrar hosting the website "demonstrated that it took reasonable and prompt steps to investigate and respond appropriately to the report of abuse". I won't verify that because I already wasted too much time sending emails and checking answers to follow procedures.

The ICANN "does things"
Something that I have to admit is that the ICANN did something and without the ICANN taking my complaint into account, nothing would have probably happened. The reason why I write this is that the Registrar to which I complained...never answered me in return. It seems that ICANN had to be involved for my complaint to be considered by this Registrar.

This is not enough
There are procedures: they exist and according to the agreement that all accredited Registrars sign with the ICANN, they have to act but in my case...the Registrar incriminated did not. Let's say that he did but long after my complaint was sent and after I complained to the ICANN. I suspect that such situations must happen often. Also, I have been long enough in this industry to know that these procedures exist only to exist: who knows where to write and who writes to an accredited Registrar to complain about a domain name used for phishing?

The problem
Dealing with phishing is a problem and this is not going to change:
  1. We have useless procedures to declare domain names used for phishing operations:
    1. it is unclear: where do you declare? At the ICANN, the Registrar, the Registry or the totally useless Anti-Phishing Working Group (APWG)?
    2. procedures are difficult to find.
    3. what happens when a lazy Registrar just does not answer: do you...wait for him to take the lead? (believe me I tried)
  2. The volume of new gTLDs is increasing and - unless I am the only one in the world - I receive more phishing attempts, they are industrialized and more sophisticated: with such procedures, are we solving the problem? No.
In the hands of Registrars
I asked Verisign the question about "what is it that I should do in the case of phishing". The Verisign support was very fast answering me:

My question:
What should I do when I have identified a ".com" domain name hosting a phishing operation?
Their answer:
You can report phishing domain names to the sponsoring Registrar of the domain name.
You may use the WHOIS service on our homepage to identify the Registrar of the domain name:
So I had another question:
I did already but it took more than one month (as you can read here: and the only results were issued from the ICANN, the Registrar did nothing. My question is more simple: isn't there a form at the ".com" Registry (Verisign) where I can complain so a domain name can be investigated faster and taken down?
Their kind answer:
No, unfortunately we do not have such service.
In order for Verisign to take down any domains, Verisign will need a valid Court Order in which our Legal needs to review and accept before we can take any further action.
The Registry is the legal entity to allow the creation of domain names and, in the case of ".com" domain names, it has to go through the Registrar. At least, the answer is clear.

I asked the same question to what I call "a Multiple Registry" It is an operator, Donuts Inc. here, which is operating several new domain name extensions.

My question:
Can you take a domain name down if operated by a Donuts registry in the case of phishing?
Their answer:
Donuts takes reports of abuse seriously. If you need to report a domain name that is being used for an abusive or malicious purpose, please fill in the fields below, and submit to us.
My understanding of this is that the registry for ".com" domain names won't act directly and will direct you to the accredited registrar in charge of the domain name; or it will act if there is a court order. On the other hand, this multiple registry I asked the question to would probably act without a court order. The problem dealing with Registrars is that they don't necessarily act and when they do, they can be very slow. I will take the Donuts Answer for granted here and will consider that I might have found another good reason to promote new gTLDs.
End of the update

My "have balls" solution: responsibility and rudeness
Registrants (owners of domain names) are responsible for what they publish, shouldn't the problem be considered differently and the responsibility of a phishing operation transferred to the Registrant?

Changing the status of a domain name can be done faster at the Registry level, not at the Registrar. If the Registry were to receive the complaint and the one to investigate, it could act faster. That means:
  • Identify if a domain name is in use for a phishing operation;
  • Change the status of the domain to one informing users in the Whois;
  • Change the DNS to a parked page that is not hurting consumers:
    • advertise the reason for this change of front page ("ongoing phishing operation" or "domain name used for a phishing operation", ...);
    • advertise the name of the accredited Registrar (so he is faster contacting his client to get rid of this status and front page ;-)
  • Registry to contact the famous "abuse" email at the Registrar (that one they don't particularly pay attention to) to inform him about this change of status. 
  • Change the DNS back to the previous one when the Registrant/Registrar have done some cleaning.
Rude isn't it? The problem with rules is that few follow them on Internet. I am referring here to the agreement that registrars sign with the ICANN: it shouldn't take one month and so many emails shared for a phishing operation to be taken down. Also, many working groups probably work very hard but ... some problems like phishing and spam are not decreasing at all...the opposite is happening. Isn't it time to set up solutions that work?

"Consumers first".

Friday, April 13, 2018

The .CHARITY new gTLD: contract signed

On 11 April 2018, ICANN and Corn Lake, LLC, entered into a Registry Agreement under which Corn Lake, LLC, operates the .CHARITY top-level domain.

2 IDN competitors
There are two other IDN new gTLDs meaning "charity" in Chinese (note that one of the two could be a mistake on the ICANN website:
  1. The ".慈善" (".xn--30rr7y", "charity", /cishan/) new gTLD, delegated in March 2015 and which has 7 domain names created,
  2. The ".公益" (".xn--55qw42g" – Chinese for "charity") new gTLD, delegated in December 2013 and which has 21 domains created.
Details of the latest signed new gTLD agreements can be found here.

Thursday, April 12, 2018

Is the .CANON new gTLD finally here?

The .CANON new gTLD was delegated in february 2015 and was one of the first dotBrand extensions to have been announced, long prior to the first round of the ICANN new gTLD program to begin.
In 3 years, its number of registrations stagnated but recently 11 more domain names were created and it appears than more are coming: the .CANON new gTLD has grown from 18 to 29 new ".canon" domains created in March 2018. Some of these registrations are:
  • ...
More numbers
Canon is a major camera manufacturer but other camera trademarks have acquired their personalized domain name extension:
  • The .NIKON new gTLD had 1 domain name registered in March 2018;
  • The .PANASONIC had 2;
  • The .YODOBASHI has 1;
  • The .PANASONIC had 2;
  • The .SONY had 9;
  • The .OLYMPUS application was withdrawn.
The new gTLD report related to photography is updated at the end of April, let's see if Canon registers more domains.

Friday, April 6, 2018

Verified Twitter accounts for Registries

A domain name extension is operated by what we call a "Registry", a monopolistic situation since there is one registry - worldwide - for a domain name extension. Let's give an example here, the registry for ".club" domain names is .Club Domains, LLC : a company based in Florida. For the ".eco" Top-Level Domain (example shown below), it is...this company.

Making sense
As an intense follower of the worldwide new gTLD activity, I noticed that some registries' Twitter account start to "be verified". In more simple words, it means that they are legitimate. In even more simple words, it means that they really are who they say they are: the legal monopolistic organization to have been granted authorization to deploy a new domain name extension by the ICANN.

The information can be confusing on Twitter when following the news about a TLD: many applicants started to promote their extension before learning that there could be more than one applicant (...) In other words, there are several accounts on Twitter looking like they could be an official registry account (but they are not). The ".eco" is an official one.

In terms of wording, it can be confusing too since those to buy domain names, or those with an interest to follow news about a certain TLD, are not necessarily familiar with the vocabulary used in the domain name space: when finding the unverified Twitter account of a registry, a user can fall onto a crap domainer twitter account trying re-sell domain names from that registry. Most of the domaining activity is absolutely not connected to the registries, registries often have their own premium domains program.

I strongly believe that it makes sense for a registry to ask to have its Twitter account "verified":

  1. As a person involved in domain name things, it is of interest to me and it probably is the same for many IP and IT departments involved in domain name operations;
  2. It should be an easy task since a registry is a monopoly so it matches with the Twitter definition of a verified account: "An account may be verified if it is determined to be an account of public interest. Typically this includes accounts maintained by users in music, acting, fashion, government, politics, religion, journalism, media, sports, business, and other key interest areas". Isn't a legal monopolistic position a key interest area?
How to
First, it would be a good thing for registries (but .BRANDS maybe) to have a twitter account. Then it would make sense to use it because most believe that it is the job of accredited registrar to promote their TLD when domain name registration volumes have clearly demonstrated that it is not.
Second, Registries should have a strategy because adopting a Twitter account will generate interest and an account which does not publish anything sends a bad messages to potential registrars and registrants.

Then, registries should read that page and learn more about verified Twitter accounts but...don't expect to be verified soon because:
  1. Being verified takes time;
  2. Twitter has temporarily stopped verifying accounts so you will have to wait.
To registries: once verified, send me your Twitter account, I'll be happy to shout out loud.

Tuesday, April 3, 2018

Better than nothing for .BRAND new gTLDs

When going to Google and entering this in the search field: "site:.TLD" (without quotations and where "TLD" stands for a new domain name extension), you will notice that many of them have redirections indexed in Google. I really don't understand Google's logic behind this but...redirections are indexed.

Not all Trademarks use their .BRAND
In the recent updated new gTLD reports, it is noticeable that more Trademarks to have acquired their .BRAND domain name extension, do register more of their domain names. On the other hand, it is also noticeable that some .BRANDs are still "pending activation": I mean by this that they are delegated and fully functional but their owners have only registered one single domain name (the nic.TLD most of the time which presents the TLD's rules).

What are .BRANDs waiting for then?
If no use is found of a .BRAND domain name extension then I don't understand why those trademarks with various local presences worldwide, or present in various cities, don't use redirections using city names just to be better indexed in Google.

I had a look at the famous .CLUBMED new gTLD and it has 6 ".clubmed" domain names registered (see the March 2018 update). The French Club Mediteranée is a famous French travel agency and has a presence in several cities in most of the countries in the world. Wouldn't a redirection like to be a idea to industrialize for all destinations?

If redirections can be risky to use, I wonder if it is better to be charged for a .BRAND new gTLD and not do anything with it. I believe it can be worth it to have a redirection strategy put in place instead of throwing money at the wall.

DotBrand new gTLD applicant are not doing this so is it the cost of each domain names which is the issue? I doubt it is because it already cost each applicants $25,000 a year just in ICANN fees. So what is it then?

For questions, contact Jovenet Consulting.

Thursday, March 29, 2018

So you're a .GROUP of companies?

The word "group" is an English word and it has many significations but the first one that I think of is a group of companies (and not a music group). Wikipedia defines it like "a collection of parent and subsidiary corporations that function as a single economic entity through a common source of control". Good.

You are a .GROUP
I just tried a few French group names extracted from a list I found on Internet and I added ".group" behind each name to see if a domain name was in use. On the list below, I was surprised to see that many have registered their ".group" domain name.

On the results found:
  • some show the Registrar's parking page (instead of redirecting the domain name to their website);
  • some seem to have their name registered by a third party with an ugly parking page;
  • Groupe Dassault, Lagardère, Pernod Ricard and PSA are using a redirection to their main website;
  • Casino, Seb and LVMH seem squatted and parked on a "for sale "page;
  • Louis Dreyfus shows a page written in Chinese which says "This page appears because your site is closed. Please contact customer service" but when looking at the Whois database, it looks like the name was not registered by Louis all;
  • all other names were either not registered or show no content;
  • for one of them, the Whois shows: "The registration of this domain is restricted, as it is currently protected by a DPML Block."
  • None of this groups uses a ".group" domain name to point to a website.
Be careful, you're not alone
I also tried a few other English and American group names and I noticed that many ".group" domain names were registered other groups which have the same name and most of the time, in other countries. On the examples that I tried, most were short group names of three to four letters.

What's the idea here?
Companies like to secure their assets and it has now become a common practice to to secure domain names in advance:
  1. The first idea is to say that modern groups should register their ".group" domain name because examples above can cost a lot in legal procedures when they have been squatted and probably much more when no prior right can be demonstrated (and that concerns short names).
  2. The second idea is to say that "things can change" and some companies become group of companies later in their history: registering today is a way to secure the name for tomorrow when things have changed.
  3. Another idea is not to say that ".group" domains should be registered by all companies: for example, Jovenet Consulting is a small company and there is no plan to become a group so there is no reason to register such a domain name but the ".company" one maybe.
Internationalisation and English
Many companies have a website, and most of the time, the idea is to give the company an "international rayonnance" thank to Internet. Much of the content found online is not written in Portuguese nor it is written French: it is written in English (an in Chinese a little bit too). The word "group" is an English word so registering a ".group" domain name today is to me a good strategy for already existing groups but also...for coming group of companies.
By the way, did you know that the ".group" domain name also exists in Chinese? It is the .集团 IDN new gTLD and is stands for "Corporate Group".

Added to the monthly new gTLD report
Once a month, we edit a new gTLD report entitled "Companies", this reports lists new domain name registration volumes from extensions that we believe companies should secure their domain name with. We added the .GROUP new gTLD to the Companies new gTLD report at Jovenet Consulting. There are 62,000 ".group" domain name registered already. The March 2018 update is coming.

Register your Trademark using an agent.