Thursday, May 24, 2018

The .ICU Sunrise Period ends

The .ICU new gTLD Sunrise Period ends today:
  • SUNRISE PERIOD END: Thursday, 24 May, 2018 - 14:00;
  • CLAIMS NOTIFICATION PERIOD END: Thursday, 30 August, 2018.

More details are available on the TMCH Calendar.

Tuesday, May 22, 2018

New gTLDs, New Measures

This is a copy-paste of a recent 3 pages letter sent from the Brand Registry Group to the ICANN. You will find the link to download the original letter down this post. Potential .BRAND new gTLD applicants will certainly love its content.
The letter:

"At ICANN61 it was refreshing to hear from the variety of registry operators that have been working hard to make a success of their new gTLDs. In the Cross-Community session “A Walk in the Shoes of a New gTLD Registry Operator” the measures of success demonstrated by the 1 different registries were noticeably different to those of legacy TLDs, which often focus on a very narrow measure; the volume of domains under management.

Many of the new registries launched from the 2012 application round are not driven primarily, if at all, by the number of domain names they manage. Instead, they have a stronger focus towards registering domains for purposeful and positive needs. Examples covered during the ICANN61 cross-community sessions highlighted the following:
  • Brand TLD (dotBrand) registries do not have a revenue-based motive for operating a registry; it is a cost borne by the business to provide a stronger platform to manage their online presence, communications and business operations. It is a trusted space that is controlled and operated from the registry operator at the root of the Internet all the way through to delivery to Internet users.
  • Highly-restricted TLDs, such as .bank and .pharmacy, apply strict controls from verification of registrants through to higher standards of operation within the Top Level Domain environment, providing assurances to users and confidence that they are dealing with legitimate organisations. These communities self-regulate their registry, applying levels of controls far in excess of the minimal requirements you find in open, commercial TLD registries.
  • Geographic TLDs, particularly capital cities, such as dotBerlin, have developed TLDs with a strong sense of community and purpose, something shared by other generic-termed TLDs, such as .art and .design.
Importantly, we also heard how the ability to operate a registry with strict controls over who can register domains and how they can use the domains has a positive effect for Internet users by minimising abuse and confusion. Significantly, no domain name abuse or domain name infringements have occurred within dotBrand and highly-restricted registries, something that should not be overlooked or disregarded as a measure of success for New gTLDs.

This "zero-abuse” is an important factor for the domain industry as it moves into an active GDPR environment in May 2018. Concerns raised by governments, law enforcement, intellectual property protectors and security organisations, in the context of investigating and responding to domain abuse and infringements, become irrelevant where a registry operates without any abuse.

Quality not quantity
Domain names have long been treated as a commodity, providing low-cost and low-risk opportunities for acquiring domain names, absent of any need for a purpose or intention of use. Whilst many domains exist in legacy TLDs and ccTLDs are registered for a valid purpose and intent, they share rent with thousands of other domains that are registered with the desire to mislead, confuse or defraud Internet users. In response to these negative behaviours, volumes of domains have expanded, unsurprisingly, for protective purposes to counter trademark infringements and abuse across gTLD and ccTLD extensions.

Volume, therefore, is not necessarily a reasonable measure of success. Context and the scope of use is also an important factor.

A registry operated as a dotBrand may have a handful of domains registered but these could support a global organisation’s online business, communications and much more, serving millions of Internet users. A highly-restricted registry, such as .bank, may have a few hundred registrations, with verified registrants and stringent security controls associated with using a their .bank domains. Both examples are of registries that have a sense of purpose, a backbone, that ultimately provides safe and trusted environments for online users. They do not need high volumes of domain names to provide these benefits or to sustain their registry.

Long-term aims, not short-term gains
These successes highlighted in the cross-community session should not be a surprise, the intention of the New gTLD Program was to promote choice, competition and innovation. We are now witnessing the positive effect of these new registries that are performing effectively and with a sense of purpose. This is not by accident, but derived from long-term strategies and delivered with enthusiasm and commitment of these registry operators.

Regrettably, we often hear of complaints of the New gTLD program being slow to gain traction. But this ignores the introduction of different models, models that have different ambitions than simply replicating what we have seen before, models that compete in different ways, models that safeguard Internet users (not just registrants) and models that will unlock further innovation in the DNS.

Next opportunity for New gTLDs
Despite the promise of launching “subsequent gTLD application rounds as quickly as possible” after the 2012 round was launched and “within one year of the close of the application submission period”, there is no clear indication from ICANN when the next opportunity to apply will begin, with six years having already passed.

Organisations that did not apply in 2012 in the anticipation that they could apply 12-24 months after, have been misled by ICANN’s intent. Before risking further loss of faith from prospective applicants, ICANN should set a deadline for the next application window to start. ICANN should be more proactive in meeting its commitments and allow new applications to commence within a reasonable published timeframe.

Notwithstanding the incredible efforts of the community to conduct New gTLD reviews and policy improvement programs, six years is already a significant and embarrassing gap between application rounds, a gap that continues to grow. No doubt there are some complex issues involved, derived from the experiences of the 2012 round. However, for the majority of applications there were few or no issues, or those issues were resolved as part of the post-application process and prior to delegation. On this basis, it should be reasonable for ICANN to move forward and prepare for a new application round.

Even if ICANN limited the next round to certain types of applicants this would help ICANN to continue to promote choice, competition and innovation, following the years of delay. The criteria could, for example, be limited to the types of registries considered to be low in risk of domain abuse and infringements, thereby safeguarding users. In other words, these types of registries could be regarded as “in the public interest”.

However ICANN chooses to progress to the next round, the application window needs to be sooner rather than later. The demand exists but may wane if ICANN does not deliver on its commitment.

ICANN Budget & Reserves
Recognising the years of work that have already been consumed in relation to New gTLD reviews and policy development, it was alarming to hear that the ICANN budget drafted for FY19 was absent of any funding to support preliminary implementation work for the next application window, even though the GNSO Subsequent Procedures PDP work should be completed before the financial year concludes.

This oversight may have been caused by the budget constraints in response to runaway costs over the preceding few years that has affected the level of reserves, but it is also short-sighted. With demand for more TLDs, ICANN could drive forward the next application window in a reasonable timeframe, providing new revenue streams to support the organisation longer term. At the very least, this should be signalled by ICANN by way of anticipating implementation work to begin during FY19, along with a suitable budget.

A positive reflection, time to do more
The Brand Registry Group (BRG) hopes that you and your Board colleagues are encouraged by the examples of different New gTLD operators that were presented during the ICANN 61 crosscommunity session, and acknowledge their different perspectives of success. It is important that the Board is aware of these different models and how they can have a positive influence on the domain industry.

We also hope the Board can leverage these use cases and their benefits to be more confident in driving forward with the next application round. The continuing absence of a target date strongly indicates a lack of commitment and confidence from the Board to deliver against the intention of the Applicant Guidebook. To this point, the BRG would encourage the Board to take the initiative and set a target date for the community and potential applicants to work towards.

The BRG is aware of and continues to participate within various policy development activities to help improve the application process in future. We also appreciate that the next round requires planning and implementation work that will, in part, be directed or influenced by the outcome of these community work activities. Nevertheless, this should not prevent ICANN from planning and developing the implementation work based on previous practical experience, input from the community during the GNSO PDP Subsequent Procedures PDP, and, where necessary, predicting the likely outcome of these discussions. This should be supported with appropriate resources and budget and commence at the earliest opportunity.

The time to do more is long overdue."

Read the letter (PDF download)

Wednesday, May 16, 2018

New gTLD Innovation with .LIAISON

An exciting news in the world of dotBrand Registries with the .LIAISON new generic Top-Level Domains.

Authentic Web today announced a partnership with Liaison Technologies Inc. to develop the industry's first network security and compliance application, anchored on the trust authority and new control capabilities of Liaison's Brand Registry: .LIAISON

The new trust protocol technology developed by Authentic Web is designed to secure and protect data in motion on enterprise networks.

Over 550 global brands secured their own registry. This announcement describes a compelling use case for all businesses that rely on secure network server-to-server communications. As digital transformation initiatives expand the enterprise network surface area and as new data management regulations come into force, it has never been more urgent to ensure regulatory compliance and prioritize actions to protect your enterprise and customer data. Using a .BRAND Registry with the Authentic Web trust protocol is a step towards meeting these priorities. It's a valuable use-case supporting your company's decision to acquire your Brand Registry - and a reason to apply in the next round if you missed out.

Our joint press release with Liaison Technologies has more information.

Feel free to contact Authentic Web for more specifics.

Monday, May 14, 2018

The .LTD new gTLD enters the TOP 10

The .LTD new gTLD belongs to Donuts, an American company, and just entered the new gTLD TOP 10 in volumes with 468,462 domain names registered. This "explosion" started in May the 7 2018 and 417,815 of these domain names were recently registered at one single accredited registrar China (source

Something is going on
When such an important number of domain names are registered at the same time, it means that there is something going on...or maybe there was a fantastic communication campaign in China and all LTD companies decided to grab their ".ltd" domain name...but I doubt it. It is also possible that an investor decided to focus on this Top-Level Domain.

Just for the note
The "LTD" is the sign for Limited Companies (limited company). There is a .LTDA new gTLD too which was delegated in 2014. The registry says that ".LTDA domains are only available to companies which are recorded as Sociedad de Responsabilidad Limitada or Sociedade Limitada at the responsible authorities in Brazil and other Latin American countries".

When choosing a domain name, I strongly suggest to check that document first, it is the list of similar domain name extensions.

Friday, May 11, 2018

Why we're adding .APP to our new gTLD report

The "new gTLD reports" are monthly snapshots of new domain name registration volumes according to specific categories of businesses or groups and three of these reports are "special".

3 new gTLD reports are "indicators"
In our list of 17 reports, 3 are slightly different from the 14 others:
  1. The report related to Companies lists the gTLDs in which we believe a company should register its name or trademark with;
  2. The Singular VS Plural reports lists registration volumes but more important, it lists the TLDs that do exist in two versions: singular and plural (ie: ".accountant" and ".accountants";
  3. The Multiple Registries one is an indicator of volumes registered from a group to have acquired several domain name extensions.

Why we're adding .APP to our report for Companies
There are several reasons for this:
  • The cloud application market was valued at $ 52.605 billion in 2017 and is projected to expand at a compound annual growth rate of 14% over the forecast period to reach $115.71 billion by 2023. If numbers remain number, it still means that it is expanding fast. In more simple words, "apps" are adopted and chances are high that more companies either decide to point their website visitors to an application, or even create theirs;
  • Domain names ending in ".app" were massively registered during their General Availability Period and when this happens, the risk increases for a Trademark to have its name squatted; so $20/year to block this from happening is not a prohibitive investment;
  • It is multilingual: you say "app" to qualify an application is many languages worldwide;
  • It's a memorable TLD if you are in the application development business;
  • A SSL certificate is mandatory to use a ".app" domain name and SSL is a sign that security is increased on such a website: demonstration of security increases trust in a company;
  • It's cheap and when domain names are cheap, potential users tend to buy them more and install them;
  • It can be free: we acquired for free (for its first year of registration).
Companies are not concerned by all new extensions but a certain number them. The number one reason why we believe that .APP should be added to our list is that companies are coming to the use of applications and informing about it on a domain name ending in ".app" demonstrates innovation. Of course, application developers are more concerned by this statement.

A hidden reason
There's another hidden reason actually why we think that companies should secure their ".app" domain name...but this one...well, this is what we think: Google operates the .APP new gTLD and it is also a search engine; not "a" search engine actually but "the" search engine most of the world uses. Google decides what can be best indexed on its own platform. When informing about a content related to applications AND using a SSL certified website (recently advertised by Google to give a ranking boost to secure https/ssl websites), we think that using a ".app" domain name will rank better in search engine results.

The latest new gTLD report for Companies is available here.

Wednesday, May 9, 2018

The .APP has 150.000 registrations

The .APP new gTLD has passed the 150,000 domain name registrations just after a few days it entered its "GA" period.

The General Availability period
Known as "GA", this period is when a registry has ended all previous periods such as the Sunrise Period one, Landrush and/or other EAP periods (for Early Access Program).

The GA period is the most important one for a registry dedicated to selling domain names through the network of accredited registrar. It allows to see if the business model chosen to launch the extension was good or not. When registrants buy lots of domain names on the first days of GA, it can mean that the extension will meet adoption.

A little history
In the case of the .APP new gTLD, there is an historic background since the owner of the Registry is "Google" and the application was won in an auction for $25,001,000.00. These are the two first main reasons why the launching of this extension was followed by various parties.

Another reason is that it is short and memorable for application developers who will want to demonstrate precision when introducing their "app" on a website. Amazon offers the same kind of extensions for Bot developers with a .BOT new gTLD.

Also, the number of mobile-only Internet users now exceeds desktop-only in the U.S and what do you need on your mobile: apps.

The .APP Business model
The business model chosen here was to sell these domain names at an average price below $18 (more or less) at retail registrars like Uniregistry or Google Domains, with a renewal price close to $25 each year. It is important to note that a SSL certificate is mandatory to use a ".app" domain name.

With the SSL certificate, understand that the price of the certificate should be added to the price of the domain name and hosting...unless if you decide to use G Suite where the SSL certificate is "offered" when using the latest version of Google Sites.

My opinion
I am no application developer so I don't really need such domain names and I find that the price is a little high compared to other domain name extensions, I like the idea to force users to use a SSL certificate: with the general increase of online fraud, it makes sense to show a secure website introducing an application. Will application developers use a ".app" domain name? I think so because Google has a strong image and an impact on users.
I also just think that it makes sense for a company to introduce its application(s) using a ".app" domain name...because "app" is the word commonly used and understood for "application".

Wednesday, May 2, 2018

The April 2018 update: new gTLD reports

Once a month, new gTLD reports are updated: they allow to check which new domain name registration volumes increase or decrease in various categories of businesses. These numbers are a monthly snapshot of registries' performance. They can also be an indicator as if a new domain name extension is successful or not. Note that some of these extensions exist in their singular and plural version, they are indicated with a "(s/p)" sign. Trademarks are indicated with a "®" sign next to them.
  1. New gTLDs related to CATERING and RESTORATION
    (.restaurant - .kitchen - .bar - etc...)
  2. New gTLDs related to PHOTOGRAPHY
    (.photo - .film - .gallery - etc...)
  3. New gTLDs related to CITIES : these are city names only.
    (.paris - .london - .tokyo - etc...)
  4. New gTLDs related to COMPANIES : new domain name extensions that we believe a company should keep its eyes on.
  5. New gTLDs related to the LAW and LEGAL matters.
    (.legal - .attorney - .lawyer - etc...)
  6. New gTLDs related to FINANCE
    (.credit - .capital - .finance - etc...)
  7. New gTLDs related to a COLOR
    (.orange - .pink - .green - etc...)
  8. New gTLDs related to SPORT
    (.hockey - .basketball - .ski - etc...)
  9. New gTLDs related to ALCOHOL
    (.beer - .wine - .vodka - etc...)
  10. New gTLDs related to REAL ESTATE
    (.realestate - .realtor - .villas - etc...)
  11. Singular VS Plural versions of a new gTLD : these are domain name extensions which exist in their singular and plural version.
    (ie: .gift and .gifts)
  12. FRENCH new gTLD applications : these are applications submitted by French companies only.
  13. New gTLDs related to RELIGION
    (.catholic - .bible - .church - etc...)
  14. New gTLDs related to CARS
    (.taxi - .auto - .car - etc...)
  15. New gTLDs related to HEALTH
    (.health - .doctor - .hospital - etc...)
  16. New gTLDs related to ADULTS (no comment)
  17. Multiple Registries : group of Registries operating five (5) and more domain name extensions.

Tuesday, April 24, 2018

Coming: the .SPORT new gTLD (update)

The .SPORT new gTLD is a long story...a very long one but the registry agreement was finally signed in November 2017.

The rules
It is a community Top-Level Domain, it means that only members of the "community" will be able to register such domain names. Here is what the official eligibility requirements say:

Two types of conditions must be fulfilled for the right to register a .SPORT name. These are:
  1. community membership and
  2. the additional requirements that the registrant’s role in the Sport community, as well as the registrant’s use of the registered domain name, must be:
    1. generally accepted as legitimate; and
    2. beneficial to the cause and the values of Sport; and
    3. commensurate with the role and importance of the registered domain name; and
    4. in good faith at the time of registration and thereafter.
Furthermore, registrants in .sport must be recognized performers, organizers, promoters or supporters of federated Sport, or belong to categories of registrants recognized by the .sport Policy Advisory Board (PAB).

These conditions must always be fulfilled. The strength of the validation is kept in line with the importance of the underlying domain name based on the assumption that a typical user would reasonably make.

To facilitate validation, registrants are required to state their intended use of the registered domain name. A false statement of intended use is an indication of bad faith and can be the basis for the suspension of the domain name.

Registrants are further required to have an administrative contact in the Performers or organizers of sport. This is verified in part automatically (through the postal code in the administrative contact record and by a human eyes review pre‐validation or post‐validation). The administrative contact may be any person or entity having received and accepted the mandate to act as such for the respective domain. (The registrar may act as administrative contact.) Any communications addressed to the administrative contact are deemed to have been brought to the attention of the domain holder. Validation checks include machine and human verification of address accuracy. The validation may be assisted through pre‐identification of potential registrants using existing community channels, in particular through promotion codes. After the launch phase, the validation mode goes from pre‐validation to post‐validation and later to statistically targeted random validation, backed up by a ongoing enforcement program. The validation and enforcement program are supported by an integrated issue tracking system. This system allows validating agents and personnel to cooperate and interact with the registrant. The system keeps track of decisions made by the agents and stores supplemental documentary evidence that may be supplied by the registrants."

My opinion
Community TLDs are "community TLDs", it means that domain names are blocked from being registered by anyone. It is a good solution when a registry can easily be financed but it is a very bad one to install domain names onto a market, unless of course, if all sports organizations have already decided to use one (which I doubt that it is already the case). My true opinion is that I wonder how long these rules will remain until it is decided that the .SPORT new gTLD opens to all. The story is always the exact same: at some point, someone notices that there are not enough domains on the market (or that the registry is not lucrative enough) and decides to open to all (for whatever other reason).

Now, when it comes to checking who registers a domain name (see in red above), I don't remember any registry checking all registrants prior to registering domain names so I believe that anyone with a connection to sport in general should be able to register a ".sport" domain some point: not in the beginning of course but later...

Of course, all this is just my opinion and I could (probably not) be wrong ;-)

Not very optimistic, isn't it? (update)
Let's imagine that the .SPORT new gTLD is coming with something new: that kind of innovation that all participants were expecting in the first round of the ICANN new gTLD program? Well, I am not writing more but there's something really innovative coming and according to my understanding of this concept, it could be THAT expected method by all to install domain names on a market.

Check the official website here.

Thursday, April 19, 2018

The Vatican launches 4 new gTLDs

The Trademark Clearinghouse just published the dates for 4 Sunrise Periods. The Vatican is launching four "catholic" new gTLDs, one ASCII and three IDNs:
  1. The .CATHOLIC new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  2. The .天主教 (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  3. The .كاثوليك (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  4. The .католик (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
What for?
What the .CATHOLIC new gTLD application says: "The mission⁄purpose of the .catholic TLD is to share the teachings, message and values of the Catholic Church with its own members and with the wider global community, by creating a dedicated, authoritative online space for the exclusive use of the Catholic Church and its constituent institutions, including dioceses, religious orders, institutes of consecrated life and organizations affiliated to the Catholic Church, and for the benefit of its adherents globally. The .catholic TLD will serve as an important method of communication for the Church, by establishing a formal and official channel for online communications via the appropriate channels of the Catholic Church. This function of the TLD is consistent with the Church’s core activities, as communication is important in the life of the Church insofar as it facilitates the sharing of information and helps build a sense of community and belonging amongst its adherents. The .catholic TLD will complement the Church’s long established global network of communications activities including print and digital media, television and radio".

Who for?
The applications says that these domain names won't be available for registration (note that this can change): "All domain name registrations in the .catholic TLD will be registered to, and maintained by, the PCCS for the exclusive use of the PCCS and the constituent institutions of the Church. The PCCS will not sell, distribute or transfer control or use of any registration in the TLD to any third party that is not identified within the TLD Catholic Community. As such, individual adherents will not be eligible to register or be granted use of .catholic domain names. Dioceses, religious orders and institutions as found in the “Annuario Pontificio” (the official annual directory of all the institutions related to the Holy See) are recognised as members of the TLD Catholic Community, by virtue of their being formally recognised by the Catholic Church. This recognition is primarily, though not exclusively, evidenced by inclusion in the Annuario Pontificio. The PCCS will maintain a list of institutions formally recognised by the Holy See as falling within the Catholic Church.
Each diocese, official religious order of the Catholic Church and Church-affiliated institution, may be granted use of an associated .catholic domain name to facilitate the establishment of formal and official channels of online communication for the Catholic Church, and promote the overall mission⁄purpose of the .catholic TLD. The use of the domain names by these institutions is subject to internal acceptable use policies".

Religious new gTLDs
Once a month we update new gTLD registration volumes for Religion at Jovenet Consulting, check for "religions" in our list of reports.

Check the Trademark Clearinghouse Calendar for more.

Wednesday, April 18, 2018

(UPDATE) Phishing: let's be frank

I just finished a procedure which consisted in declaring a domain name hosting a phishing operation and it took one month "for the procedure to end". The domain name is still active and, according to the ICANN, the Registrar hosting the website "demonstrated that it took reasonable and prompt steps to investigate and respond appropriately to the report of abuse". I won't verify that because I already wasted too much time sending emails and checking answers to follow procedures.

The ICANN "does things"
Something that I have to admit is that the ICANN did something and without the ICANN taking my complaint into account, nothing would have probably happened. The reason why I write this is that the Registrar to which I complained...never answered me in return. It seems that ICANN had to be involved for my complaint to be considered by this Registrar.

This is not enough
There are procedures: they exist and according to the agreement that all accredited Registrars sign with the ICANN, they have to act but in my case...the Registrar incriminated did not. Let's say that he did but long after my complaint was sent and after I complained to the ICANN. I suspect that such situations must happen often. Also, I have been long enough in this industry to know that these procedures exist only to exist: who knows where to write and who writes to an accredited Registrar to complain about a domain name used for phishing?

The problem
Dealing with phishing is a problem and this is not going to change:
  1. We have useless procedures to declare domain names used for phishing operations:
    1. it is unclear: where do you declare? At the ICANN, the Registrar, the Registry or the totally useless Anti-Phishing Working Group (APWG)?
    2. procedures are difficult to find.
    3. what happens when a lazy Registrar just does not answer: do you...wait for him to take the lead? (believe me I tried)
  2. The volume of new gTLDs is increasing and - unless I am the only one in the world - I receive more phishing attempts, they are industrialized and more sophisticated: with such procedures, are we solving the problem? No.
In the hands of Registrars
I asked Verisign the question about "what is it that I should do in the case of phishing". The Verisign support was very fast answering me:

My question:
What should I do when I have identified a ".com" domain name hosting a phishing operation?
Their answer:
You can report phishing domain names to the sponsoring Registrar of the domain name.
You may use the WHOIS service on our homepage to identify the Registrar of the domain name:
So I had another question:
I did already but it took more than one month (as you can read here: and the only results were issued from the ICANN, the Registrar did nothing. My question is more simple: isn't there a form at the ".com" Registry (Verisign) where I can complain so a domain name can be investigated faster and taken down?
Their kind answer:
No, unfortunately we do not have such service.
In order for Verisign to take down any domains, Verisign will need a valid Court Order in which our Legal needs to review and accept before we can take any further action.
The Registry is the legal entity to allow the creation of domain names and, in the case of ".com" domain names, it has to go through the Registrar. At least, the answer is clear.

I asked the same question to what I call "a Multiple Registry" It is an operator, Donuts Inc. here, which is operating several new domain name extensions.

My question:
Can you take a domain name down if operated by a Donuts registry in the case of phishing?
Their answer:
Donuts takes reports of abuse seriously. If you need to report a domain name that is being used for an abusive or malicious purpose, please fill in the fields below, and submit to us.
My understanding of this is that the registry for ".com" domain names won't act directly and will direct you to the accredited registrar in charge of the domain name; or it will act if there is a court order. On the other hand, this multiple registry I asked the question to would probably act without a court order. The problem dealing with Registrars is that they don't necessarily act and when they do, they can be very slow. I will take the Donuts Answer for granted here and will consider that I might have found another good reason to promote new gTLDs.
End of the update

My "have balls" solution: responsibility and rudeness
Registrants (owners of domain names) are responsible for what they publish, shouldn't the problem be considered differently and the responsibility of a phishing operation transferred to the Registrant?

Changing the status of a domain name can be done faster at the Registry level, not at the Registrar. If the Registry were to receive the complaint and the one to investigate, it could act faster. That means:
  • Identify if a domain name is in use for a phishing operation;
  • Change the status of the domain to one informing users in the Whois;
  • Change the DNS to a parked page that is not hurting consumers:
    • advertise the reason for this change of front page ("ongoing phishing operation" or "domain name used for a phishing operation", ...);
    • advertise the name of the accredited Registrar (so he is faster contacting his client to get rid of this status and front page ;-)
  • Registry to contact the famous "abuse" email at the Registrar (that one they don't particularly pay attention to) to inform him about this change of status. 
  • Change the DNS back to the previous one when the Registrant/Registrar have done some cleaning.
Rude isn't it? The problem with rules is that few follow them on Internet. I am referring here to the agreement that registrars sign with the ICANN: it shouldn't take one month and so many emails shared for a phishing operation to be taken down. Also, many working groups probably work very hard but ... some problems like phishing and spam are not decreasing at all...the opposite is happening. Isn't it time to set up solutions that work?

"Consumers first".

Friday, April 13, 2018

The .CHARITY new gTLD: contract signed

On 11 April 2018, ICANN and Corn Lake, LLC, entered into a Registry Agreement under which Corn Lake, LLC, operates the .CHARITY top-level domain.

2 IDN competitors
There are two other IDN new gTLDs meaning "charity" in Chinese (note that one of the two could be a mistake on the ICANN website:
  1. The ".慈善" (".xn--30rr7y", "charity", /cishan/) new gTLD, delegated in March 2015 and which has 7 domain names created,
  2. The ".公益" (".xn--55qw42g" – Chinese for "charity") new gTLD, delegated in December 2013 and which has 21 domains created.
Details of the latest signed new gTLD agreements can be found here.

Thursday, April 12, 2018

Is the .CANON new gTLD finally here?

The .CANON new gTLD was delegated in february 2015 and was one of the first dotBrand extensions to have been announced, long prior to the first round of the ICANN new gTLD program to begin.
In 3 years, its number of registrations stagnated but recently 11 more domain names were created and it appears than more are coming: the .CANON new gTLD has grown from 18 to 29 new ".canon" domains created in March 2018. Some of these registrations are:
  • ...
More numbers
Canon is a major camera manufacturer but other camera trademarks have acquired their personalized domain name extension:
  • The .NIKON new gTLD had 1 domain name registered in March 2018;
  • The .PANASONIC had 2;
  • The .YODOBASHI has 1;
  • The .PANASONIC had 2;
  • The .SONY had 9;
  • The .OLYMPUS application was withdrawn.
The new gTLD report related to photography is updated at the end of April, let's see if Canon registers more domains.

Friday, April 6, 2018

Verified Twitter accounts for Registries

A domain name extension is operated by what we call a "Registry", a monopolistic situation since there is one registry - worldwide - for a domain name extension. Let's give an example here, the registry for ".club" domain names is .Club Domains, LLC : a company based in Florida. For the ".eco" Top-Level Domain (example shown below), it is...this company.

Making sense
As an intense follower of the worldwide new gTLD activity, I noticed that some registries' Twitter account start to "be verified". In more simple words, it means that they are legitimate. In even more simple words, it means that they really are who they say they are: the legal monopolistic organization to have been granted authorization to deploy a new domain name extension by the ICANN.

The information can be confusing on Twitter when following the news about a TLD: many applicants started to promote their extension before learning that there could be more than one applicant (...) In other words, there are several accounts on Twitter looking like they could be an official registry account (but they are not). The ".eco" is an official one.

In terms of wording, it can be confusing too since those to buy domain names, or those with an interest to follow news about a certain TLD, are not necessarily familiar with the vocabulary used in the domain name space: when finding the unverified Twitter account of a registry, a user can fall onto a crap domainer twitter account trying re-sell domain names from that registry. Most of the domaining activity is absolutely not connected to the registries, registries often have their own premium domains program.

I strongly believe that it makes sense for a registry to ask to have its Twitter account "verified":

  1. As a person involved in domain name things, it is of interest to me and it probably is the same for many IP and IT departments involved in domain name operations;
  2. It should be an easy task since a registry is a monopoly so it matches with the Twitter definition of a verified account: "An account may be verified if it is determined to be an account of public interest. Typically this includes accounts maintained by users in music, acting, fashion, government, politics, religion, journalism, media, sports, business, and other key interest areas". Isn't a legal monopolistic position a key interest area?
How to
First, it would be a good thing for registries (but .BRANDS maybe) to have a twitter account. Then it would make sense to use it because most believe that it is the job of accredited registrar to promote their TLD when domain name registration volumes have clearly demonstrated that it is not.
Second, Registries should have a strategy because adopting a Twitter account will generate interest and an account which does not publish anything sends a bad messages to potential registrars and registrants.

Then, registries should read that page and learn more about verified Twitter accounts but...don't expect to be verified soon because:
  1. Being verified takes time;
  2. Twitter has temporarily stopped verifying accounts so you will have to wait.
To registries: once verified, send me your Twitter account, I'll be happy to shout out loud.

Tuesday, April 3, 2018

Better than nothing for .BRAND new gTLDs

When going to Google and entering this in the search field: "site:.TLD" (without quotations and where "TLD" stands for a new domain name extension), you will notice that many of them have redirections indexed in Google. I really don't understand Google's logic behind this but...redirections are indexed.

Not all Trademarks use their .BRAND
In the recent updated new gTLD reports, it is noticeable that more Trademarks to have acquired their .BRAND domain name extension, do register more of their domain names. On the other hand, it is also noticeable that some .BRANDs are still "pending activation": I mean by this that they are delegated and fully functional but their owners have only registered one single domain name (the nic.TLD most of the time which presents the TLD's rules).

What are .BRANDs waiting for then?
If no use is found of a .BRAND domain name extension then I don't understand why those trademarks with various local presences worldwide, or present in various cities, don't use redirections using city names just to be better indexed in Google.

I had a look at the famous .CLUBMED new gTLD and it has 6 ".clubmed" domain names registered (see the March 2018 update). The French Club Mediteranée is a famous French travel agency and has a presence in several cities in most of the countries in the world. Wouldn't a redirection like to be a idea to industrialize for all destinations?

If redirections can be risky to use, I wonder if it is better to be charged for a .BRAND new gTLD and not do anything with it. I believe it can be worth it to have a redirection strategy put in place instead of throwing money at the wall.

DotBrand new gTLD applicant are not doing this so is it the cost of each domain names which is the issue? I doubt it is because it already cost each applicants $25,000 a year just in ICANN fees. So what is it then?

For questions, contact Jovenet Consulting.

Thursday, March 29, 2018

So you're a .GROUP of companies?

The word "group" is an English word and it has many significations but the first one that I think of is a group of companies (and not a music group). Wikipedia defines it like "a collection of parent and subsidiary corporations that function as a single economic entity through a common source of control". Good.

You are a .GROUP
I just tried a few French group names extracted from a list I found on Internet and I added ".group" behind each name to see if a domain name was in use. On the list below, I was surprised to see that many have registered their ".group" domain name.

On the results found:
  • some show the Registrar's parking page (instead of redirecting the domain name to their website);
  • some seem to have their name registered by a third party with an ugly parking page;
  • Groupe Dassault, Lagardère, Pernod Ricard and PSA are using a redirection to their main website;
  • Casino, Seb and LVMH seem squatted and parked on a "for sale "page;
  • Louis Dreyfus shows a page written in Chinese which says "This page appears because your site is closed. Please contact customer service" but when looking at the Whois database, it looks like the name was not registered by Louis all;
  • all other names were either not registered or show no content;
  • for one of them, the Whois shows: "The registration of this domain is restricted, as it is currently protected by a DPML Block."
  • None of this groups uses a ".group" domain name to point to a website.
Be careful, you're not alone
I also tried a few other English and American group names and I noticed that many ".group" domain names were registered other groups which have the same name and most of the time, in other countries. On the examples that I tried, most were short group names of three to four letters.

What's the idea here?
Companies like to secure their assets and it has now become a common practice to to secure domain names in advance:
  1. The first idea is to say that modern groups should register their ".group" domain name because examples above can cost a lot in legal procedures when they have been squatted and probably much more when no prior right can be demonstrated (and that concerns short names).
  2. The second idea is to say that "things can change" and some companies become group of companies later in their history: registering today is a way to secure the name for tomorrow when things have changed.
  3. Another idea is not to say that ".group" domains should be registered by all companies: for example, Jovenet Consulting is a small company and there is no plan to become a group so there is no reason to register such a domain name but the ".company" one maybe.
Internationalisation and English
Many companies have a website, and most of the time, the idea is to give the company an "international rayonnance" thank to Internet. Much of the content found online is not written in Portuguese nor it is written French: it is written in English (an in Chinese a little bit too). The word "group" is an English word so registering a ".group" domain name today is to me a good strategy for already existing groups but also...for coming group of companies.
By the way, did you know that the ".group" domain name also exists in Chinese? It is the .集团 IDN new gTLD and is stands for "Corporate Group".

Added to the monthly new gTLD report
Once a month, we edit a new gTLD report entitled "Companies", this reports lists new domain name registration volumes from extensions that we believe companies should secure their domain name with. We added the .GROUP new gTLD to the Companies new gTLD report at Jovenet Consulting. There are 62,000 ".group" domain name registered already. The March 2018 update is coming.

Monday, March 26, 2018

Good news for .BRAND new gTLD applicants

Google Registrar is now in France and a few other countries. If this can be a good news for registrants (the one to buy domain names) then, what does it have to do with French .BRAND new gTLD applicants?

Good question
In fact, the good news relates to Nomulus, the backend registry solution also offered by Google. This information is important because Nomulus actually is the technical solution on which all Google new gTLDs are operated.

OK, so what?
.BRAND new gTLD applicants need a backend registry provider but also, a registrar solution to be able to create and setup their personalized domain names. Until very recently, French domain name registrants had no access to Google as a Registrar: a postal address located in the USA was requested prior to registering a domain name using a credit/debit card. This made it impossible to register a name using this registrar. Now, French residents...can register domain names at Google, which also means that .BRAND applicants could also use both solutions to operate their TLD and manage domain names: Nomulus and Google Domains.

And then?
Nomulus offers a direct access to Google Domains: in simple words, it means that there already is a footbridge allowing domains created in Nomulus to be managed using Google Domains: such solution using another backend registry wouldn't automatically allow a .BRAND applicant to manage his personalised domains using Google as his Registrar, this would need to be implemented.

Other backend registries would probably answer that they're already connected to all other major registrars but...this is absolutely not required for a .BRAND new gTLD for which the most limited number of service providers is required to lower the price and go straight to point: register personalized domain names. It is what I would want as a .BRAND new gTLD applicant.

Come on, it can't be so simple
As you can imagine, things can't be so simple because using the Nomulus solution is not (yet?) a service offered by Google and also, it requires a strong technical knowledge to operate the tool so unless Google decides to create an offer, which is a question that we already asked "Ben" last year (Ben is the person in charge of the Nomulus backend registry solution at Google), I see a limited number of .BRAND applicants with the capacity to operate their own backend registry solution using #Nomulus. Note that neither Amazon nor Microsoft have developed a backend registry solution to operate Top-Level Domains and none of the two offer a registrar solution to their clients: both use an external backend registry provider to operate their .BRANDs.

Google is creative and has capacity to offer clients the right solutions and since there is a strong demand for more .BRAND new gTLDs, I am confident that someone has already considered thinking about creating a complete .BRAND offer connected to Google Registrar: we are two years away (and possibly less for .BRAND applications) from the next round so there is still time...and actually, last time we asked Google the question was a year ago.

Also, Google is the only Registrar to offer his free Backend registry solution, hosted on its own Google Cloud solution: as myself being a fully satisfied French G Suite client (another Google solution recently adopted by the 130,000 employees of Airbus SAS), I only see good to be able to control personalised .BRAND domain names from a single point of entry, as well as all of my other domain names. Note that this would require to transfer domain names to Google Registrar.

Wednesday, March 21, 2018

Phishing, Banks and .BRAND new gTLDs

I recently tried to complain against a phisher using as the phisher's Registrar and I also followed a procedure at the ICANN to see if anything would happen, but, as expected, nothing happened: the ICANN created a case and offered to fill-in another form and the Registrar did not even confirm he received my complaint. Note that I could also have complained at the Registry but  I did not know...time consuming?

Another approach for Banks
Below are examples of recent phishing emails I received in the name of a French bank. These are issues banks have to deal with on a daily basis and in volume: not only because it hurts their image but also because it causes serious problems to some of their customers. For these two reasons, and also because it is useless thinking that procedures exist at (some) Registrars to fight phishing, here is another approach banks can have to protect more their customers from phishing.

Phishing is this:
  1. The end user receives an email with a fake link to click onto: the email says that it is sent from but it is not, and at this level, you cannot learn who is the sender (because it is so easy to send an email using a fake one).
  2. The link to click onto is either some text (ie: "Confirmer votre PassCyberPlus" in my case) or a link which looks like it is a known link (domain name) from our bank (ie: ""). In both case, the link is a fake one, or an IP address (my case) offering to go to another website where the fraud is installed. Sometimes, it will ask for your login and password or it will try to automate the installation of a program to encrypt your hard drive (ransomware) or it will ask for more information.
End users are more trained than before but...
More end users receiving phishing emails do not click on their links anymore: they check before clicking. The real link appears down in the browser when passing (but not clicking) the mouse onto, so they can learn if the email is legitimate or not. Phishing has now become so common that end users have become familiar with checking a link before they click. Note that there will still need a few more generations before phishing becomes completely useless.

Banks can fight fishing another way
Trying to explain their client to be cautious with phishing is negative and trying to solve these problems with registrars, which often demonstrates to be completely useless and endless, is a total waste of time. ICANN will answer that it has no responsibility into this, and Registries...well...try to complain at a registry and tell us more about your experience ;-)

Another way for banks to fight phishing - and better protect their clients - is to "work on words": when building a website, navigation has to be simple, if there's more than two clicks to reach out to the information, you lose your reader. It is the same for banks' names: with too many names for branches, inline services, banks confuse their customers and that also takes them to click on the wrong link. Working on words is called branding. Banks want their clients to:
  1. Recognize their name;
  2. Go to the right website and not another.
With dozens of subsidiaries, trademarks, legal entities, names and other brands, it is impossible for a Bank to gather under a same name and under the same domain name but using a .BRAND new gTLD is a solution to this with an enormous advantage: thank to words, it reduces the risk of phishing and definitely kills any homograph attack in the egg. Here are the advantages to use a .BRAND domain name extensions, instead of a ".com" or any other country code Top-Level Domain (a domain name extension for a country).

The number one advantage to remember for a Bank is that when it controls the registration of its domain names, it also means that a phisher will never be able to register one of them: anyone can register a domain name ending in ".com", in ".fr" or any other domain name extension available to the general public: but not a ".brand".

Let's talk about my case figure, the "Banque Populaire" one
When you hit "banque populaire" in Google, you get a full list of words: banque populaire, bred, bred banque populaire sa, groupe bpce, casden banque populaire, etc...there are dozens of names belonging to Banque Populaire and dozens of websites:
    1. How do you expect clients not to be confused when receiving an email about Banque Populaire? How does the bank ensure that her client knows if the bank's name and URL are legitimate?
    2. Can you imagine the pleasure a phisher can have when preparing an attack with such a confusing information sent to this bank's clients: it's wonderland for phishers because the bank's client WILL be confused.
Why it matters
In terms of Branding
Paying attention to the name and the URL clients will be sent to matters and as I previously wrote it, if it is impossible to gather under a same name and domain name, gathering under a same ".brand" name changes everything:
  1. In terms of trust for the client: all services from the bank will be easily identified behind an exact same domain name extension. For example:
    1. www.casden.bpce (or ".banquepopulaire")
    2. www.bred.bpce
    3. www.banquepopulaire.bpce
    4. etc...
  2. In terms of name for the Bank: the domain name extension becomes the seal which connects all services, trademarks, names, categories of clients, subsidiaries, branches, office locations, the same Bank. When seeing this seal, the client knows that he is on a website belonging to the bank: "can't be something else". Instead of using various confusing domain names (which none can be certified by the bank), the ".brand" domain name extension simplifies it all for the client: when passing his mouse onto a hyperlink prior to clicking, the ".brand" extensions from the domain name is the seal that confirms that he can click.
In terms of strategy (for the Bank)
Things take time and don't expect a client to understand why a domain name using a ".brand" extension might be less risky for him to click onto, also expect things to be more the beginning at least; things take time and explanation.

Some banks have already migrated to their .BRAND new gTLD, there is even one in France: Since 2012, 1,230 new domain name extensions have been created, and this also means:
  1. More confusion to consumers;
  2. More options for phishers to fool banks' clients;
  3. But also more training and adoption for users: the more new domain name extensions start to appear online, the more coming generations are used to them.
There are today 490 ".brand" new gTLDs. They are trademarks to have acquired and signed an agreement with the ICANN to be granted the authorization to create and use their personalized domain names. It means that from an old and non-secure use of domain names, a few brands have already started to change to more secured strategies for the benefit of their clients: aren't Banks security?

Another alternative for Banks
Banks are the only one to have access to ".bank" domain names but in the case of a French bank, it does not match: you don't talk to French customers using an english web ending. Note that some French banks applied for a ".banque" new gTLD but then, withdrew their application.

Need help understanding all this? Contact Jovenet Consulting and ask for Jean.

Recent phishing emails received

Monday, March 19, 2018

Coming soon: the .ICU Sunrise Period

Domain names ending in ".icu" (instead of ".com") are coming to the market. The Sunrise Period was just announced and here is what the new gTLD application submitted to the ICANN says. According to the Applicant, the purpose of the TLD is explained below:
  1. Reflect and operate a distinctive that is aimed to identify the Applicant’s services (“ICU”)at the top level of the DNS’ hierarchy;
  2. Provide customers and other stakeholders of the Group, including, subsidiaries, and their respective suppliers, sponsorships, and their respective directors, officers, employees, with a recognizable and trusted identifier on the Internet;
  3. Provide such stakeholders with a secure and safe Internet environment that is mainly under the control of the Applicant, the Group and its subcontractors;
  4. Provide selected stakeholders in ‘ICU’ brands with the opportunity to create a secure and safe Internet environment that is to a large extent under control of the Applicant and⁄or such stakeholders.

Looks like a .BRAND new gTLD
Question 18/a from the application submitted to the ICANN generally reflects the purpose of the new gTLD and in this case, it clearly looks like the application was submitted for an internal purpose to the brand but the Sunrise Period is dated 24 April 2018 to 24 May 2018 with a Trademark Claims Period dated 29 May 2018 to 30 August 2018 with a Qualified Launch Program (QLP) dated 24 April 2018 to 17 May 2018 so unless I am wrong, .ICU domains should be made available for sale.

The registry website is available here and this is the ICANN announcement.

Friday, March 16, 2018

New gTLDs: Adopted Board Resolutions

In each ICANN meetings, working groups and the board gather to take decisions.

This document is a long one to extract the information related to new gTLDs "only" but here is some of it. There is a lot about the CPE process (Community Priority Evaluation) but I even if the document is entitled "adopted board resolution", I saw nothing "adopted". Note that the ICANN uses the words "resolve" but it does not necessarily mean that a case ends when it has been resolved. A good way to read this document in an efficient way is to use the search field of the browser and enter the word "Resolved". It is what I did and here is the result.

I found adopted board resolutions for some Top-Level Domains, they are dated 15 March 2018 so I guess that they are of interest:
  1. On the Community Priority Evaluation:
    1. Resolved (2018.03.15.09), the Board concludes that, as a result of the findings in the CPE Process Review Reports, no overhaul or change to the CPE process for this current round of the New gTLD Program is necessary.
    2. Resolved (2018.03.15.10), the Board declares that the CPE Process Review has been completed.
  2. On .PRESIANGULF new gTLD:
    1. Resolved (2018.03.15.13), the Board directs the President and CEO, or his designee(s), to take all steps necessary to reimburse the GCC in the amount of US$107,924.16 in furtherance of the IRP Panel's Costs Declaration upon demonstration by the GCC that these incurred costs have been paid.
    2. Resolved (2018.03.15.14), the Board directs the BAMC: to follow the steps required as if the GAC provided non-consensus advice to the Board pursuant to Module 3.1 (subparagraph II) of the Applicant Guidebook regarding .PERSIANGULF; to review and consider the relevant materials related to the .PERSIANGULF matter; and to provide a recommendation to the Board as to whether or not the application for .PERSIANGULF should proceed.
  3. On .HALAL and .ISLAM new gTLDs:
    1. Resolved (2018.03.15.15), the Board accepts that the Panel declared the following: AGIT is the prevailing party in the Asia Green IT System Bilgisayar San. ve Tic. Ltd. Sti. v. ICANN IRP; and ICANN shall reimburse AGIT the sum of US$93,918.83.
    2. Resolved (2018.03.15.17), the Board directs the BAMC to re-review the GAC non-consensus advice (as defined in Section 3.1 subparagraph II of the Applicant Guidebook) as well as the subsequent communications from or with objecting and supporting parties, in light of the Final Declaration, and provide a recommendation to the Board as to whether or not the applications for .HALAL and .ISLAM should proceed.
All adopted board resolutions are available here.

Wednesday, March 14, 2018

ICANN Correspondence and new gTLDs

There is a page on the ICANN website which lists all correspondences between complainants the ICANN. It has become a reflex to check this page on a daily basis because this is where it becomes possible to follow-up with problematic new gTLD cases. In 2018 some Top-Level Domain applicants already shared a lot of mails on .GAY - .MUSIC - .WEB - .WOMEN (this TLD does not exist but "hey") - .HALAL - .ISLAM and .CPA. The first correspondence is dated 1998.

Other interesting links
The "Litigation" link is also a good one to have a look at, they are litigation documents between parties and the ICANN. For example, it is where you can find documentation on the .AFRICA case (
DotConnectAfrica Trust v. ICANN (Appellate Court Proceeding)), the .WEB case (Ruby Glen, LLC v. ICANN), etc...

The Registry agreements link is one that is interesting too: the chronological listing allows to see when something new happens to a new gTLD. For example, on 10 March 2018, ICANN and gTLD Limited, entered into a Registry Agreement under which gTLD Limited, operates the .INC top-level domain.

For more new gTLD bookmarks, you can check this page at Jovenet Consulting.

Tuesday, March 6, 2018

New gTLDs offer more alternatives (and innovation)

I went skiing and saw the ad below, it is an ad for a Land Rover offered at a car dealer whose name is Donnay with several garages around Barcelona Spain. The ski resort I went to is an important with many Land Rovers exposed in the mountain so I checked if there was a ".donnay" new gTLD but found none. Anyway.

Prints are often where we add a domain name to offer potential clients to visit a website but on this one, I find the URL used a little "old fashioned" compared to what could have been done with a domain name ending in ".barcelona" or even better: ".landrover". I checked the ".landrover" new gTLD application and read:
"The .landrover gTLD will provide an authoritative internet space for Land Rover, its affiliates and partners that are associated with the Land Rover brand. Second and third level domains can then be utilised for specific pages for Land Rover’s car models and dealerships, as well as for communication and marketing purposes, with internet users assured of brand authenticity".
Unless I am wrong, or completely stupid, isn't it precisely what the ".landrover" new gTLD was created and paid for: "to provide an authoritative internet space for Land Rover, its affiliates and partners that are associated with the Land Rover brand"?

Such great names could have been used: or

We're still far away
The .LANROVER new gTLD was delegated in October 2015, almost 3 years ago, but is it still not used appropriately. It is also possible that the people in charge of communication with affiliates and partners don't know about the existence of such tool.

I personally find that such an opportunity to demonstrate innovation in branding is a missed one in such a crowded place like a ski resort. This also clearly demonstrates that we are still far away from having communication specialists to innovate using their .BRAND new gTLD. This also happens with many other .BRAND Top-Level Domains at the moment.

For the note, three were 6,134 ".barcelona" domain names registered in February 2018 and 18 ending in ".landrover" in January 2018, down to 4 in February.

Land Rover: wake up ;-)

Monday, March 5, 2018

Concern Over DNS Abuse: really?

This is a recent letter sent to the ICANN from the The Independent Compliance Working Party and focusing on DNS abuse. It is signed by Adobe Systems Inc. - DomainTools eBay Inc. - Facebook, Inc. - Microsoft Corporation and Time Warner Inc.

I particularly focused on this line saying: "The number of abused phishing domains in legacy gTLDs is mainly driven by the .com gTLD". After more than 30 years facing phishing, spam and malwares...I really wonder "who" can still do anything about this.

I sometimes write to Registrars, Registries and the ICANN about domain name owners doing phishing and I admit that I never - NEVER - had anyone of them to act (ie: check the domain name and change its status to one that blocks the domain from harming consumers). Reading this letter, I see Trademarks seriously harmed by phishers and on the other side, I see organizations who won't act because a client is a client: phishers pay for their domain names. In France we have a saying: "pas vu pas pris".

The letter:
The undersigned global businesses and their customers depend upon the continuing security, stability and resiliency of the Internet, and thus have significant interests in domain name industry issues and outcomes. We are amongst the leaders in working to protect the interests of customers and those of the broader Internet from domain name system (DNS) abuse, in various ways. As long standing participants in ICANN- and industry-related conversations and policymaking, we are contacting you with our concerns about serious harm occurring to Internet users, and a request for action that we believe would serve the interests of the broader community.

Under your direction, ICANN’s Compliance team has broadened the various forms of feedback it seeks from the broader community. This is much appreciated. Accordingly, we write with concerns that you and your department are in a position to help resolve.

We commend ICANN for orienting its policymaking function towards a more data- and fact-based approach. This orientation of course depends on the availability of data and reports that provide an accurate view of the DNS and the impact of DNS abuse on stakeholders. While there is more data that needs to be collected and analyzed, it’s gratifying to see that ICANN Org is now in a better position to use and publish more widely available and reliable data to better evaluate DNS harm to users and more effectively exercise its responsibilities to help remedy ongoing harms.

Specifically, ICANN and the community now have at their disposal published data--namely, the Statistical Analysis of DNS Abuse in gTLDs (SADAG) report and the ongoing Domain Abuse Activity Reporting (DAAR) System regarding rates of abuse in the DNS. These rates are regrettably showing stark increases and serious concentrations of abuse across legacy and new gTLDs, registries and registrars, and in the proliferation of spam, malware, phishing and other harms. For example, according to the Domain Abuse Activity Reporting (DAAR) System report:
  • The 25 most exploited TLDs account for 95% of the abuse complaints submitted to DAAR.
  • Five TLDs alone are responsible for more than half of abuse complaints.

Additionally, according to the SADAG report:
  • The number of abused phishing domains in legacy gTLDs is mainly driven by the .com gTLD and at the end of 2016 represents 82.5% (15,795 of 19,157) of all abused legacy gTLD domains considered in this study.
  • …the five new gTLDs suffering from the highest concentrations of domain names used in phishing attacks listed on the APWG domain blacklist in the last quarter of 2016 collectively owned 58.7% of all blacklisted domains in all new gTLDs.
  • …we observe as many as 182 and 111 abused .work and .xyz domains, respectively. The results indicate that the majority of .work domains were registered by the same person. 150 domains were registered on the same day using the same registrant information, the same registrar, and the domain names were composed of similar strings. Note that only 150 abused domains, blacklisted in the third quarter of 2015, influenced the security reputation of all new gTLDs.
  • ...the overwhelming majority of malware domains, which were categorized as compromised, belong to one of four new gTLDs: .win, .loan, .top, and .link (77.1%, which represents 19,261 out of 24,987 domains).
You’ll agree these are troublesome statistics, and are antithetical to a secure and stable DNS administered by ICANN. We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates. Also, can ICANN provide any details as to whether the higher rates of abuse (as documented above by parties that appear not to be the subject of enforcement notices) correlates to specific breaches of the RA and RAA by the relevant contracted parties? Are there specific hurdles that Compliance perceives that inhibit enforcement activity against such contracted parties? Has ICANN prioritized its attention to compliance matters relating to such parties and does it have sufficient resources to handle them before they reach a new stage of criticality?

Specifically, is Compliance more assertively applying Specification 11(3)(b) of the Registry Agreement, compelling offending registry operators to disclose actions taken against security threats? How is ICANN’s Consumer Safeguards effort playing a stronger role in determining new areas for compliance action?

Not only do we look forward to hearing the details of ICANN Org’s comprehensive actions in this area, we seek, as an immediate and urgent matter, compliance action on the worst offenders in current ICANN reports.

We also would like to know additional ways in which the undersigned parties could support ICANN in this broad endeavor. If helpful to develop steps forward, we welcome an in-person meeting with you, other relevant ICANN Org executives, and your staff.

Over the long term, we suggest development of a data-driven roadmap for compliance based on key information and statistics. We encourage Compliance to consult with the wider community to help shape this data-driven roadmap, and we look forward to offering our further input. Thank you for your attention to this letter.

Read the full letter here. (PDF Download)

Thursday, March 1, 2018

UPDATED: New gTLDs in your kids' future

Many people remember the .NAME new gTLD which qualified for a first name or a surname. I bought one at the time: “just in case” because the similar one ending in”.com” was not available and I thought that I‘d found a use for it (different from a redirection).

I checked my name in several new gTLD extensions and noticed that many first names have already been registered.

When thinking about my kids’ future: isn’t it time to secure a good domain name for them?

Available but Premium
I bought my three kids their first name in a specific domain name extension but I will be honest in saying that the extension chosen was not exactly the one I wanted. The reason for this was that a domain name could be expensive to renew, year after year. I don’t know when (and if) my kids will want to use them one day so…price is important. Also, a first name has value: a lot of value because many people have the same name. When looking for common first names, you will notice that there are many that are available as “Premium domains” and so on, at a higher price, for the reason I explained above.

Cheap but in niche TLDs
My name is “Jean” and this word has other meanings, it is also a short four letters word so it makes it even more complicated to find an available domain name in most extensions, even in new domain name extensions but niche ones. Shall I register for €9,000 because it is a generic TLD? Clearly not. I went to my Registrar and I found some first names available for registration for €3,19 but in niche extensions that my kids will never use.

For example, the “.bargains”, “.cash”, “.mba”, “.reisen” extensions and many others are extremely cheap to register and renewing the domain name is not so expensive but what is the point in registering my kids their first name in one of these extensions if they never use them?

Your kids and the future
I don’t know whether my kids will need a domain name in the future and, even is some ultra generic keywords will still be available in not so niche new gTLDs that could match with a business they might be interested in developing; I do not know either if their chosen business will match the generic domain name I chose for them. Hunting for their first name as a domain name is a good start I believe.

From my searches - and I wanted to register my kids their domain name in the same extension - I realized that I am not the only person to be looking for first names in new gTLDs. I also realized that, when searching, there are still extremely good domain names to register for your kid(s). The one I chose for mine are in the “.business” new gTLD.

I often hear that people often use more applications than they do for websites; the future is in apps. Let’s say that this is a fact but when starting a business, you often need a name and this can be the application’s name: why not start with your family’s name or the first name of your kid as a domain name? The risk is low and purely financial (a few Euros) but the value could be extremely high in a few years...for your kids.

Register your Trademark using an agent.