Monday, April 30, 2018

How to index a redirection in Google?

I just hit "site:.sncf" to try to find out which are the two new domain names ending in ".sncf" which were just created and I found nothing new but www.wifi.sncf. The picture below is what appears, indexed in Google:


I clicked on it and noticed (again) that it is a redirection.

Question to Bill Hartzer (@bhartzer) : how do you index a redirection in Google?

Tuesday, April 24, 2018

Coming: the .SPORT new gTLD (update)

The .SPORT new gTLD is a long story...a very long one but the registry agreement was finally signed in November 2017.

The rules
It is a community Top-Level Domain, it means that only members of the "community" will be able to register such domain names. Here is what the official eligibility requirements say:

Two types of conditions must be fulfilled for the right to register a .SPORT name. These are:
  1. community membership and
  2. the additional requirements that the registrant’s role in the Sport community, as well as the registrant’s use of the registered domain name, must be:
    1. generally accepted as legitimate; and
    2. beneficial to the cause and the values of Sport; and
    3. commensurate with the role and importance of the registered domain name; and
    4. in good faith at the time of registration and thereafter.
Furthermore, registrants in .sport must be recognized performers, organizers, promoters or supporters of federated Sport, or belong to categories of registrants recognized by the .sport Policy Advisory Board (PAB).

These conditions must always be fulfilled. The strength of the validation is kept in line with the importance of the underlying domain name based on the assumption that a typical user would reasonably make.

To facilitate validation, registrants are required to state their intended use of the registered domain name. A false statement of intended use is an indication of bad faith and can be the basis for the suspension of the domain name.

Registrants are further required to have an administrative contact in the Performers or organizers of sport. This is verified in part automatically (through the postal code in the administrative contact record and by a human eyes review pre‐validation or post‐validation). The administrative contact may be any person or entity having received and accepted the mandate to act as such for the respective domain. (The registrar may act as administrative contact.) Any communications addressed to the administrative contact are deemed to have been brought to the attention of the domain holder. Validation checks include machine and human verification of address accuracy. The validation may be assisted through pre‐identification of potential registrants using existing community channels, in particular through promotion codes. After the launch phase, the validation mode goes from pre‐validation to post‐validation and later to statistically targeted random validation, backed up by a ongoing enforcement program. The validation and enforcement program are supported by an integrated issue tracking system. This system allows validating agents and personnel to cooperate and interact with the registrant. The system keeps track of decisions made by the agents and stores supplemental documentary evidence that may be supplied by the registrants."

My opinion
Community TLDs are "community TLDs", it means that domain names are blocked from being registered by anyone. It is a good solution when a registry can easily be financed but it is a very bad one to install domain names onto a market, unless of course, if all sports organizations have already decided to use one (which I doubt that it is already the case). My true opinion is that I wonder how long these rules will remain until it is decided that the .SPORT new gTLD opens to all. The story is always the exact same: at some point, someone notices that there are not enough domains on the market (or that the registry is not lucrative enough) and decides to open to all (for whatever other reason).

Now, when it comes to checking who registers a domain name (see in red above), I don't remember any registry checking all registrants prior to registering domain names so I believe that anyone with a connection to sport in general should be able to register a ".sport" domain name...at some point: not in the beginning of course but later...

Of course, all this is just my opinion and I could (probably not) be wrong ;-)

Not very optimistic, isn't it? (update)
Let's imagine that the .SPORT new gTLD is coming with something new: that kind of innovation that all participants were expecting in the first round of the ICANN new gTLD program? Well, I am not writing more but there's something really innovative coming and according to my understanding of this concept, it could be THAT expected method by all to install domain names on a market.

Check the official website here.

Thursday, April 19, 2018

The Vatican launches 4 new gTLDs

The Trademark Clearinghouse just published the dates for 4 Sunrise Periods. The Vatican is launching four "catholic" new gTLDs, one ASCII and three IDNs:
  1. The .CATHOLIC new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  2. The .天主教 (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  3. The .كاثوليك (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  4. The .католик (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
What for?
What the .CATHOLIC new gTLD application says: "The mission⁄purpose of the .catholic TLD is to share the teachings, message and values of the Catholic Church with its own members and with the wider global community, by creating a dedicated, authoritative online space for the exclusive use of the Catholic Church and its constituent institutions, including dioceses, religious orders, institutes of consecrated life and organizations affiliated to the Catholic Church, and for the benefit of its adherents globally. The .catholic TLD will serve as an important method of communication for the Church, by establishing a formal and official channel for online communications via the appropriate channels of the Catholic Church. This function of the TLD is consistent with the Church’s core activities, as communication is important in the life of the Church insofar as it facilitates the sharing of information and helps build a sense of community and belonging amongst its adherents. The .catholic TLD will complement the Church’s long established global network of communications activities including print and digital media, television and radio".

Who for?
The applications says that these domain names won't be available for registration (note that this can change): "All domain name registrations in the .catholic TLD will be registered to, and maintained by, the PCCS for the exclusive use of the PCCS and the constituent institutions of the Church. The PCCS will not sell, distribute or transfer control or use of any registration in the TLD to any third party that is not identified within the TLD Catholic Community. As such, individual adherents will not be eligible to register or be granted use of .catholic domain names. Dioceses, religious orders and institutions as found in the “Annuario Pontificio” (the official annual directory of all the institutions related to the Holy See) are recognised as members of the TLD Catholic Community, by virtue of their being formally recognised by the Catholic Church. This recognition is primarily, though not exclusively, evidenced by inclusion in the Annuario Pontificio. The PCCS will maintain a list of institutions formally recognised by the Holy See as falling within the Catholic Church.
Each diocese, official religious order of the Catholic Church and Church-affiliated institution, may be granted use of an associated .catholic domain name to facilitate the establishment of formal and official channels of online communication for the Catholic Church, and promote the overall mission⁄purpose of the .catholic TLD. The use of the domain names by these institutions is subject to internal acceptable use policies".

Religious new gTLDs
Once a month we update new gTLD registration volumes for Religion at Jovenet Consulting, check for "religions" in our list of reports.

Check the Trademark Clearinghouse Calendar for more.

Wednesday, April 18, 2018

(UPDATE) Phishing: let's be frank

I just finished a procedure which consisted in declaring a domain name hosting a phishing operation and it took one month "for the procedure to end". The domain name is still active and, according to the ICANN, the Registrar hosting the website "demonstrated that it took reasonable and prompt steps to investigate and respond appropriately to the report of abuse". I won't verify that because I already wasted too much time sending emails and checking answers to follow procedures.

The ICANN "does things"
Something that I have to admit is that the ICANN did something and without the ICANN taking my complaint into account, nothing would have probably happened. The reason why I write this is that the Registrar to which I complained...never answered me in return. It seems that ICANN had to be involved for my complaint to be considered by this Registrar.


This is not enough
There are procedures: they exist and according to the agreement that all accredited Registrars sign with the ICANN, they have to act but in my case...the Registrar incriminated did not. Let's say that he did but long after my complaint was sent and after I complained to the ICANN. I suspect that such situations must happen often. Also, I have been long enough in this industry to know that these procedures exist only to exist: who knows where to write and who writes to an accredited Registrar to complain about a domain name used for phishing?

The problem
Dealing with phishing is a problem and this is not going to change:
  1. We have useless procedures to declare domain names used for phishing operations:
    1. it is unclear: where do you declare? At the ICANN, the Registrar, the Registry or the totally useless Anti-Phishing Working Group (APWG)?
    2. procedures are difficult to find.
    3. what happens when a lazy Registrar just does not answer: do you...wait for him to take the lead? (believe me I tried)
  2. The volume of new gTLDs is increasing and - unless I am the only one in the world - I receive more phishing attempts, they are industrialized and more sophisticated: with such procedures, are we solving the problem? No.
In the hands of Registrars
I asked Verisign the question about "what is it that I should do in the case of phishing". The Verisign support was very fast answering me:

My question:
What should I do when I have identified a ".com" domain name hosting a phishing operation?
Their answer:
You can report phishing domain names to the sponsoring Registrar of the domain name.
You may use the WHOIS service on our homepage to identify the Registrar of the domain name:
https://www.verisign.com/en_US/domain-names/whois/index.xhtml
So I had another question:
I did already but it took more than one month (as you can read here:
https://www.guillon.blog/2018/04/update-phishing-few-weeks-after.html) and the only results were issued from the ICANN, the Registrar did nothing. My question is more simple: isn't there a form at the ".com" Registry (Verisign) where I can complain so a domain name can be investigated faster and taken down?
Their kind answer:
No, unfortunately we do not have such service.
In order for Verisign to take down any domains, Verisign will need a valid Court Order in which our Legal needs to review and accept before we can take any further action.
The Registry is the legal entity to allow the creation of domain names and, in the case of ".com" domain names, it has to go through the Registrar. At least, the answer is clear.

UPDATE
I asked the same question to what I call "a Multiple Registry" It is an operator, Donuts Inc. here, which is operating several new domain name extensions.

My question:
Can you take a domain name down if operated by a Donuts registry in the case of phishing?
Their answer:
Donuts takes reports of abuse seriously. If you need to report a domain name that is being used for an abusive or malicious purpose, please fill in the fields below, and submit to us.
My understanding of this is that the registry for ".com" domain names won't act directly and will direct you to the accredited registrar in charge of the domain name; or it will act if there is a court order. On the other hand, this multiple registry I asked the question to would probably act without a court order. The problem dealing with Registrars is that they don't necessarily act and when they do, they can be very slow. I will take the Donuts Answer for granted here and will consider that I might have found another good reason to promote new gTLDs.
End of the update

My "have balls" solution: responsibility and rudeness
Registrants (owners of domain names) are responsible for what they publish, shouldn't the problem be considered differently and the responsibility of a phishing operation transferred to the Registrant?

Changing the status of a domain name can be done faster at the Registry level, not at the Registrar. If the Registry were to receive the complaint and the one to investigate, it could act faster. That means:
  • Identify if a domain name is in use for a phishing operation;
  • Change the status of the domain to one informing users in the Whois;
  • Change the DNS to a parked page that is not hurting consumers:
    • advertise the reason for this change of front page ("ongoing phishing operation" or "domain name used for a phishing operation", ...);
    • advertise the name of the accredited Registrar (so he is faster contacting his client to get rid of this status and front page ;-)
  • Registry to contact the famous "abuse" email at the Registrar (that one they don't particularly pay attention to) to inform him about this change of status. 
  • Change the DNS back to the previous one when the Registrant/Registrar have done some cleaning.
Rude isn't it? The problem with rules is that few follow them on Internet. I am referring here to the agreement that registrars sign with the ICANN: it shouldn't take one month and so many emails shared for a phishing operation to be taken down. Also, many working groups probably work very hard but ... some problems like phishing and spam are not decreasing at all...the opposite is happening. Isn't it time to set up solutions that work?

"Consumers first".

Friday, April 13, 2018

UPDATE: Phishing, a few weeks after

I wrote a small article (in French) on several procedures that I just tried at the ICANN and at a Registrar hosting a domain name used for phishing.


What we did
Basically, ICANN offers 2 emails to write to and we also used two different procedures at the Registrar concerned: the abuse email and a dedicated form.

The result is the one expected: the ICANN created a case and answered us the below but none of the other two parties we contacted even answered us.

Answer received from ICANN
Dear Jean Guillon,
Thank you for contacting the ICANN Global Support Center.
I will be happy to provide you with further information. Please note, the 2013 Registrar Accreditation Agreement (RAA) requires ICANN-accredited registrars to provide abuse contact information, take steps to investigate reports, and respond appropriately to any reports of abuse. The full abuse contact requirements can be found in Section 3.18 of the 2013 RAA at: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#3.18 .
For more information about Registrar Abuse Reports and the type of reports, please see: https://www.icann.org/resources/pages/abuse-2014-01-29-en .
If you wish to submit a complaint to our Contractual Compliance about the registrar failing to comply with the requirements, please complete the form at:https://forms.icann.org/en/resources/compliance/complaints/registrars/standards-complaint-form .
Please allow 3-5 business days for our Contractual Compliance Team to respond to your complaint submission.
I hope this information is helpful to you. Please contact us if you have any additional questions or concerns. This case will now be resolved. Thank you for contacting ICANN.
The ICANN form (...)
I submitted a complaint to the Contractual Compliance Team (as suggested in the answer received by the ICANN) but at this stage, I thought that ICANN would already have acted since I already sent all informations: this form is probably going to be sent to the Register.it

26 of March 2018
  • ICANN ask the same informations + a copy of the abuse email that I sent to Register IT with my authorization to contact them (...);
  • They also write that I did not fill in their form correctly (...).
I resend them all this (...).

13 of April 2018(and after informing the ICANN (who answered it would inform the Registrar))
I received an email from Register.it and here what it says: "Dear Sir according to ICANN request, here below a summary of actions taken by our Abuse Team with reference to your request, please be informed that":
  • "on March 8, 2018 we have received your abuse report (copies of emails received are attached)": I never received confirmation of this.
  • "In the following 24 hours our dedicated Abuse Team has examined the issue and taken the necessary steps to solve it": I seriously doubt it but surprisingly, after complaining several times to the ICANN and after more than a month, Register.it returned with this answer.
  • "Each abuse report requests of course different actions, in this case they intervened removing the dangerous involved folders": do I understand that you removed a client's folder hosted with you? I checked the sub-domain and it is still in place and not pointing to an error.
  • "Customer has been then accordingly informed. Just for your further information in this case RNH and AH are the same entity": I have no idea what this means and I would have expected the domain to be a little more investigated because the whois still shows a "Domain Status:ok".
16 of April 2018
After more than one month exchanging with registrar and ICANN and for one single domain name hosting a phishing operation, ICANN considers that the abuse complaint is closed:
"Dear Jean Guillon,
Thank you for submitting an Abuse complaint concerning the registrar REGISTER.IT SPA. ICANN has reviewed and closed your complaint because:
 
- The registrar demonstrated that it took reasonable and prompt steps to investigate and respond appropriately to the report of abuse. 
ICANN considers this matter now closed.
Please do not reply to the email. If you require future assistance, please email compliance@icann.org; if you have a new complaint, please submit it at http://www.icann.org/resources/compliance/complaints .
 
ICANN is requesting your feedback on this closed complaint. Please complete this optional survey at https://www.surveymonkey.com/s/8F2Z6DP?ticket=changed .
Sincerely,
 
ICANN Contractual Compliance
Let's be honest: WHO GOES AS FAR AS THIS WHEN RECEIVING A PHISHING EMAIL AND WHO UNDERSTANDS SUCH ANSWERS?

Score
Phishers / Gmail filter = 1
Icann / Register.it = 0

Useless procedures
This way to proceed against phishing for end users is an absolute nonsense: the ICANN procedures and rules for such common problems are useless.

Read my article in French.

The .CHARITY new gTLD: contract signed

On 11 April 2018, ICANN and Corn Lake, LLC, entered into a Registry Agreement under which Corn Lake, LLC, operates the .CHARITY top-level domain.


2 IDN competitors
There are two other IDN new gTLDs meaning "charity" in Chinese (note that one of the two could be a mistake on the ICANN website:
  1. The ".慈善" (".xn--30rr7y", "charity", /cishan/) new gTLD, delegated in March 2015 and which has 7 domain names created,
  2. The ".公益" (".xn--55qw42g" – Chinese for "charity") new gTLD, delegated in December 2013 and which has 21 domains created.
Details of the latest signed new gTLD agreements can be found here.

Thursday, April 12, 2018

Is the .CANON new gTLD finally here?

The .CANON new gTLD was delegated in february 2015 and was one of the first dotBrand extensions to have been announced, long prior to the first round of the ICANN new gTLD program to begin.
In 3 years, its number of registrations stagnated but recently 11 more domain names were created and it appears than more are coming: the .CANON new gTLD has grown from 18 to 29 new ".canon" domains created in March 2018. Some of these registrations are:
  • https://us.medical.canon/
  • http://machinery.canon/en/
  • https://etd.canon/eng/
  • http://compo.canon/en/
  • http://miyazaki.canon/
  • http://global.canon/ja/
  • https://myid.canon/canonid/#/login
  • ...
More numbers
Canon is a major camera manufacturer but other camera trademarks have acquired their personalized domain name extension:
  • The .NIKON new gTLD had 1 domain name registered in March 2018;
  • The .PANASONIC had 2;
  • The .YODOBASHI has 1;
  • The .PANASONIC had 2;
  • The .SONY had 9;
  • The .OLYMPUS application was withdrawn.
The new gTLD report related to photography is updated at the end of April, let's see if Canon registers more domains.

Monday, April 9, 2018

Will it be .ONLINE or .ONL ?

I just noticed that the .ONLINE new gTLD has a competitor: there is a .ONL extension too. As the registry websites states: ".ONL provides limitless access to everything online. It's the natural domain for all of your online activities".


More about this registry can be found here.

A few numbers
  • The .ONLINE new gTLD has 812.000 domain names registered;
  • The .ONL new gTLD has 5,270 domains registered.
I didn't notice the .ONL Top-Level Domain meant "online" until today (...) so I added to it to the similar TLDs' list.

.BRAND new gTLD Reports are updated once a month: CLICK HERE !