The .BMW new gTLD

While updating the CARS new gTLD report for the month of March 2018, I noticed that the .BMW new gTLD had 53 ".bmw" domain names registered in February to 108 at the end of March.

From the examples that I tested, most are not redirections anymore but real websites such as: http://ratzel.bmw

For .STEPHANE

I just learnt today that Stéphane Van Gelder passed away.

My friend Murielle called me.

Many of us in France have worked with and for Stéphane. I personally worked many years with Stephane to launch new gTLDs at INDOM (which was then acquired by another company). He is the person who taught me everything that I did not know about domain names: he actually taught me that Versign was a thin registry and not a thick one: I did not know the difference...

When I joined INDOM, years ago, he also was the first French guy to have delivered .BRAND new gTLD studies when we did not even know when the first round of the ICANN new gTLD program would start. Actually, we were very good at what we did but he was the guy to think years in advance.

Stéphane was a person of precision. I remember the number of times he asked me to re-write things because I would not have seen a mistake in a word or have missed an accent: I remember going to his office at Indom 10 times a day and getting back to mine ultra pissed because I would have I missed a correction in a study.

...I don't really know what to write in such circumstances...

Today is a sad day.

RIP Stéphane.

More covers here and here.

Good news for .BRAND new gTLD applicants

Google Registrar is now in France and a few other countries. If this can be a good news for registrants (the one to buy domain names) then, what does it have to do with French .BRAND new gTLD applicants?

Good question
In fact, the good news relates to Nomulus, the backend registry solution also offered by Google. This information is important because Nomulus actually is the technical solution on which all Google new gTLDs are operated.

OK, so what?
.BRAND new gTLD applicants need a backend registry provider but also, a registrar solution to be able to create and setup their personalized domain names. Until very recently, French domain name registrants had no access to Google as a Registrar: a postal address located in the USA was requested prior to registering a domain name using a credit/debit card. This made it impossible to register a name using this registrar. Now, French residents...can register domain names at Google, which also means that .BRAND applicants could also use both solutions to operate their TLD and manage domain names: Nomulus and Google Domains.

And then?
Nomulus offers a direct access to Google Domains: in simple words, it means that there already is a footbridge allowing domains created in Nomulus to be managed using Google Domains: such solution using another backend registry wouldn't automatically allow a .BRAND applicant to manage his personalised domains using Google as his Registrar, this would need to be implemented.

Other backend registries would probably answer that they're already connected to all other major registrars but...this is absolutely not required for a .BRAND new gTLD for which the most limited number of service providers is required to lower the price and go straight to point: register personalized domain names. It is what I would want as a .BRAND new gTLD applicant.

Come on, it can't be so simple

As you can imagine, things can't be so simple because using the Nomulus solution is not (yet?) a service offered by Google and also, it requires a strong technical knowledge to operate the tool so unless Google decides to create an offer, which is a question that we already asked "Ben" last year (Ben is the person in charge of the Nomulus backend registry solution at Google), I see a limited number of .BRAND applicants with the capacity to operate their own backend registry solution using #Nomulus. Note that neither Amazon nor Microsoft have developed a backend registry solution to operate Top-Level Domains and none of the two offer a registrar solution to their clients: both use an external backend registry provider to operate their .BRANDs.

Conclusion
Google is creative and has capacity to offer clients the right solutions and since there is a strong demand for more .BRAND new gTLDs, I am confident that someone has already considered thinking about creating a complete .BRAND offer connected to Google Registrar: we are two years away (and possibly less for .BRAND applications) from the next round so there is still time...and actually, last time we asked Google the question was a year ago.

Also, Google is the only Registrar to offer his free Backend registry solution, hosted on its own Google Cloud solution: as myself being a fully satisfied French G Suite client (another Google solution recently adopted by the 130,000 employees of Airbus SAS), I only see good to be able to control personalised .BRAND domain names from a single point of entry, as well as all of my other domain names. Note that this would require to transfer domain names to Google Registrar.

New gTLDs: homograph attacks on the rise?

The problem with homograph attacks is that the more we talk about them, the mode it gives ideas to frauders.

Note that it is also - and I believe this strongly - a super fantastic way for security providers to scare their clients reminding them to buy their services because if they don't, the world will collapse ;-)

Last May, I wrote (in a very limited english that only non-english speakers can understand) a post about it to explain what an homograph attack is.

This morning, I read a new updated post, written in words that even I understand: it is entitled "Homographs, Attack!": it explains homograph attacks in simple words with cool designs. This is a good read and this is something that operators of large domain name portfolios should read too.

Coming soon: the .ICU Sunrise Period

Domain names ending in ".icu" (instead of ".com") are coming to the market. The Sunrise Period was just announced and here is what the new gTLD application submitted to the ICANN says. According to the Applicant, the purpose of the TLD is explained below:

1. Reflect and operate a distinctive that is aimed to identify the Applicant’s services (“ICU”)at the top level of the DNS’ hierarchy;
2. Provide customers and other stakeholders of the One.com Group, including, subsidiaries, and their respective suppliers, sponsorships, and their respective directors, officers, employees, with a recognizable and trusted identifier on the Internet;
3. Provide such stakeholders with a secure and safe Internet environment that is mainly under the control of the Applicant, the One.com Group and its subcontractors;
4. Provide selected stakeholders in ‘ICU’ brands with the opportunity to create a secure and safe Internet environment that is to a large extent under control of the Applicant and⁄or such stakeholders.

Looks like a .BRAND new gTLD
Question 18/a from the application submitted to the ICANN generally reflects the purpose of the new gTLD and in this case, it clearly looks like the application was submitted for an internal purpose to the brand but the Sunrise Period is dated 24 April 2018 to 24 May 2018 with a Trademark Claims Period dated 29 May 2018 to 30 August 2018 with a Qualified Launch Program (QLP) dated 24 April 2018 to 17 May 2018 so unless I am wrong, .ICU domains should be made available for sale.

The registry website is available here and this is the ICANN announcement.

ICANN Correspondence and new gTLDs

There is a page on the ICANN website which lists all correspondences between complainants the ICANN. It has become a reflex to check this page on a daily basis because this is where it becomes possible to follow-up with problematic new gTLD cases. In 2018 some Top-Level Domain applicants already shared a lot of mails on .GAY - .MUSIC - .WEB - .WOMEN (this TLD does not exist but "hey") - .HALAL - .ISLAM and .CPA. The first correspondence is dated 1998.

Other interesting links
The "Litigation" link is also a good one to have a look at, they are litigation documents between parties and the ICANN. For example, it is where you can find documentation on the .AFRICA case (
DotConnectAfrica Trust v. ICANN (Appellate Court Proceeding)), the .WEB case (Ruby Glen, LLC v. ICANN), etc...

The Registry agreements link is one that is interesting too: the chronological listing allows to see when something new happens to a new gTLD. For example, on 10 March 2018, ICANN and gTLD Limited, entered into a Registry Agreement under which gTLD Limited, operates the .INC top-level domain.

For more new gTLD bookmarks, you can check this page at Jovenet Consulting.

New gTLDs offer more alternatives (and innovation)

I went skiing and saw the ad below, it is an ad for a Land Rover offered at a car dealer whose name is Donnay with several garages around Barcelona Spain. The ski resort I went to is an important with many Land Rovers exposed in the mountain so I checked if there was a ".donnay" new gTLD but found none. Anyway.

I love .LANROVER
Prints are often where we add a domain name to offer potential clients to visit a website but on this one, I find the URL used a little "old fashioned" compared to what could have been done with a domain name ending in ".barcelona" or even better: ".landrover". I checked the ".landrover" new gTLD application and read:

"The .landrover gTLD will provide an authoritative internet space for Land Rover, its affiliates and partners that are associated with the Land Rover brand. Second and third level domains can then be utilised for specific pages for Land Rover’s car models and dealerships, as well as for communication and marketing purposes, with internet users assured of brand authenticity".

Unless I am wrong, or completely stupid, isn't it precisely what the ".landrover" new gTLD was created and paid for: "to provide an authoritative internet space for Land Rover, its affiliates and partners that are associated with the Land Rover brand"?

Such great names could have been used: www.donnay.barcelona or www.donnay.landrover.

We're still far away
The .LANROVER new gTLD was delegated in October 2015, almost 3 years ago, but is it still not used appropriately. It is also possible that the people in charge of communication with affiliates and partners don't know about the existence of such tool.

I personally find that such an opportunity to demonstrate innovation in branding is a missed one in such a crowded place like a ski resort. This also clearly demonstrates that we are still far away from having communication specialists to innovate using their .BRAND new gTLD. This also happens with many other .BRAND Top-Level Domains at the moment.

For the note, three were 6,134 ".barcelona" domain names registered in February 2018 and 18 ending in ".landrover" in January 2018, down to 4 in February.

Land Rover: wake up ;-)

New gTLDs: overarching issues

These are recent slides extracted from today's meeting. These topics will be discussed in the next ICANN meeting in Puerto Rico:

Something written about the next new gTLD applicant guidebook's format (the famous AGB):

Exciting, isn't it?

:-)

For action:

1. Add to the slides for Council planning for PDP WG time at ICANN62 in Panama City.
2. Take the list of topics in the Initial Report structure and send it to the WG in case we missed any topics.

Notes:

1. SOI Updates:  No updates.
2. Work Track updates:
1. Work Track 1:
1. Going through all of the topics and trying to make sure we reflected feedback from the calls and the CC2 responses.
2. Getting that text into the Initial Report.
3. Call scheduled for 06 March is TBD.
2. Work Track 3:
1. Finished meetings and going through topics.
2. Making sure we've captured all of the input.
3. Putting the language into the Initial Report.
3. Work Track 4:
1. Looked at preparing text for the Initial Report.
2. Discussed Registry Testing System.
3. Preparing topics for Puerto Rico.
4. Name Collisions also will be a topic.
5. ICANN Board resolution on a longer term study.  See: Draft Project Plan for Name Collision Analysis: https://www.icann.org/public-comments/ncap-project-plan-2018-03-02-en
4. Work Track 5:
1. Going through the different categories of Geographic names in the Applicant Guidebook.  Identifying pros and cons.
2. Looking at how we may want to consider doing the same thing in future or changing the AGB.  Addressing variations between the initial policy work and the final AGB content.
3. Look at categories that were not in the AGB.
4. Working Session dedicated to WT5 in San Juan on 14 March 0830.
3. Review of suggested Initial Report structure/planning for ICANN61
1. Slide 2: Initial Report
2. Slide 3:
1. Complete the Final Report by the end of 2018.
2. For the Initial Report we are not doing consensus calls. We are putting options out for public comment.  Not the time to take a consensus call on one or more of the recommendations.
3. Goal is to get out the Draft Initial Report out by the end of March and then have the WG review it in April.
4. Thinking of changing the meeting schedule to meet every week to help with the review of the Initial Report, starting Monday, 26 March.
5. In the planning for Panama we need to understand if the PDP WG will need a good chunk of the time at ICANN62.
3. Slide 4: Work Track 1-4 and overarching issues.
4. Slide 5:
1. Overarching Issues and Work Track Topics.
2. Options and open questions have not gone through a consensus call.
5. Slide 6:
1. Status Update Overview.
2. Overarching Issues.
3. Recommendations on 4 topics.
4. Options/questions on 3 topics.
5. Community Engagement: a lot of overlap with predictability or where we have tried to get feedback on this PDP.
6. Slide 7:
1. Status Update Drill-Down.
2. Overarching Issues.
7. Slide 8:
1. Status Update Overview.
2. Work Track 1.
4. AOB: ICANN FY19 Budget:
1. Only a short mention of the Subsequent Procedures PDP, but statement that there are no funds allocated for implementing any GNSO policy on subsequent procedures.
2. FY19 goes from 01 July 2018 to 30 June 2019.
3. If the Board waits until FY20 to allocate funds some think this could delay the launch of the next round.
4. No time for this WG to file formal comments.
5. PDP WG Co-Chairs may file individual comments.

Structure of the Initial Report (chronological order):

• Overarching issues
• Foundational issues
• Pre-launch activities
• Application submission
• Application processing
• Application evaluation/criteria
• Dispute proceedings
• String contention resolution
• Pre-delegation
• Contracting
• Post-delegation

Concern Over DNS Abuse: really?

This is a recent letter sent to the ICANN from the The Independent Compliance Working Party and focusing on DNS abuse. It is signed by Adobe Systems Inc. - DomainTools eBay Inc. - Facebook, Inc. - Microsoft Corporation and Time Warner Inc.

Useless?

I particularly focused on this line saying: "The number of abused phishing domains in legacy gTLDs is mainly driven by the .com gTLD". After more than 30 years facing phishing, spam and malwares...I really wonder "who" can still do anything about this.

I sometimes write to Registrars, Registries and the ICANN about domain name owners doing phishing and I admit that I never - NEVER - had anyone of them to act (ie: check the domain name and change its status to one that blocks the domain from harming consumers). Reading this letter, I see Trademarks seriously harmed by phishers and on the other side, I see organizations who won't act because a client is a client: phishers pay for their domain names. In France we have a saying: "pas vu pas pris".

The letter:
The undersigned global businesses and their customers depend upon the continuing security, stability and resiliency of the Internet, and thus have significant interests in domain name industry issues and outcomes. We are amongst the leaders in working to protect the interests of customers and those of the broader Internet from domain name system (DNS) abuse, in various ways. As long standing participants in ICANN- and industry-related conversations and policymaking, we are contacting you with our concerns about serious harm occurring to Internet users, and a request for action that we believe would serve the interests of the broader community.

Under your direction, ICANN’s Compliance team has broadened the various forms of feedback it seeks from the broader community. This is much appreciated. Accordingly, we write with concerns that you and your department are in a position to help resolve.

We commend ICANN for orienting its policymaking function towards a more data- and fact-based approach. This orientation of course depends on the availability of data and reports that provide an accurate view of the DNS and the impact of DNS abuse on stakeholders. While there is more data that needs to be collected and analyzed, it’s gratifying to see that ICANN Org is now in a better position to use and publish more widely available and reliable data to better evaluate DNS harm to users and more effectively exercise its responsibilities to help remedy ongoing harms.

Specifically, ICANN and the community now have at their disposal published data--namely, the Statistical Analysis of DNS Abuse in gTLDs (SADAG) report and the ongoing Domain Abuse Activity Reporting (DAAR) System regarding rates of abuse in the DNS. These rates are regrettably showing stark increases and serious concentrations of abuse across legacy and new gTLDs, registries and registrars, and in the proliferation of spam, malware, phishing and other harms. For example, according to the Domain Abuse Activity Reporting (DAAR) System report:

• The 25 most exploited TLDs account for 95% of the abuse complaints submitted to DAAR.
• Five TLDs alone are responsible for more than half of abuse complaints.

Additionally, according to the SADAG report:

• The number of abused phishing domains in legacy gTLDs is mainly driven by the .com gTLD and at the end of 2016 represents 82.5% (15,795 of 19,157) of all abused legacy gTLD domains considered in this study.
• …the five new gTLDs suffering from the highest concentrations of domain names used in phishing attacks listed on the APWG domain blacklist in the last quarter of 2016 collectively owned 58.7% of all blacklisted domains in all new gTLDs.
• …we observe as many as 182 and 111 abused .work and .xyz domains, respectively. The results indicate that the majority of .work domains were registered by the same person. 150 domains were registered on the same day using the same registrant information, the same registrar, and the domain names were composed of similar strings. Note that only 150 abused domains, blacklisted in the third quarter of 2015, influenced the security reputation of all new gTLDs.
• ...the overwhelming majority of malware domains, which were categorized as compromised, belong to one of four new gTLDs: .win, .loan, .top, and .link (77.1%, which represents 19,261 out of 24,987 domains).

You’ll agree these are troublesome statistics, and are antithetical to a secure and stable DNS administered by ICANN. We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates. Also, can ICANN provide any details as to whether the higher rates of abuse (as documented above by parties that appear not to be the subject of enforcement notices) correlates to specific breaches of the RA and RAA by the relevant contracted parties? Are there specific hurdles that Compliance perceives that inhibit enforcement activity against such contracted parties? Has ICANN prioritized its attention to compliance matters relating to such parties and does it have sufficient resources to handle them before they reach a new stage of criticality?

Specifically, is Compliance more assertively applying Specification 11(3)(b) of the Registry Agreement, compelling offending registry operators to disclose actions taken against security threats? How is ICANN’s Consumer Safeguards effort playing a stronger role in determining new areas for compliance action?

Not only do we look forward to hearing the details of ICANN Org’s comprehensive actions in this area, we seek, as an immediate and urgent matter, compliance action on the worst offenders in current ICANN reports.

We also would like to know additional ways in which the undersigned parties could support ICANN in this broad endeavor. If helpful to develop steps forward, we welcome an in-person meeting with you, other relevant ICANN Org executives, and your staff.

Over the long term, we suggest development of a data-driven roadmap for compliance based on key information and statistics. We encourage Compliance to consult with the wider community to help shape this data-driven roadmap, and we look forward to offering our further input. Thank you for your attention to this letter.

Read the full letter here. (PDF Download)

UPDATED: New gTLDs in your kids' future

Many people remember the .NAME new gTLD which qualified for a first name or a surname. I bought one at the time: “just in case” because the similar one ending in”.com” was not available and I thought that I‘d found a use for it (different from a redirection).

I checked my name in several new gTLD extensions and noticed that many first names have already been registered.

When thinking about my kids’ future: isn’t it time to secure a good domain name for them?

Available but Premium
I bought my three kids their first name in a specific domain name extension but I will be honest in saying that the extension chosen was not exactly the one I wanted. The reason for this was that a domain name could be expensive to renew, year after year. I don’t know when (and if) my kids will want to use them one day so…price is important. Also, a first name has value: a lot of value because many people have the same name. When looking for common first names, you will notice that there are many that are available as “Premium domains” and so on, at a higher price, for the reason I explained above.

Cheap but in niche TLDs
My name is “Jean” and this word has other meanings, it is also a short four letters word so it makes it even more complicated to find an available domain name in most extensions, even in new domain name extensions but niche ones. Shall I register jean.online for €9,000 because it is a generic TLD? Clearly not. I went to my Registrar and I found some first names available for registration for €3,19 but in niche extensions that my kids will never use.

For example, the “.bargains”, “.cash”, “.mba”, “.reisen” extensions and many others are extremely cheap to register and renewing the domain name is not so expensive but what is the point in registering my kids their first name in one of these extensions if they never use them?

Your kids and the future
I don’t know whether my kids will need a domain name in the future and, even is some ultra generic keywords will still be available in not so niche new gTLDs that could match with a business they might be interested in developing; I do not know either if their chosen business will match the generic domain name I chose for them. Hunting for their first name as a domain name is a good start I believe.

From my searches - and I wanted to register my kids their domain name in the same extension - I realized that I am not the only person to be looking for first names in new gTLDs. I also realized that, when searching, there are still extremely good domain names to register for your kid(s). The one I chose for mine are in the “.business” new gTLD.

I often hear that people often use more applications than they do for websites; the future is in apps. Let’s say that this is a fact but when starting a business, you often need a name and this can be the application’s name: why not start with your family’s name or the first name of your kid as a domain name? The risk is low and purely financial (a few Euros) but the value could be extremely high in a few years...for your kids.