Monday, April 30, 2018

How to index a redirection in Google?

I just hit "site:.sncf" to try to find out which are the two new domain names ending in ".sncf" which were just created and I found nothing new but www.wifi.sncf. The picture below is what appears, indexed in Google:


I clicked on it and noticed (again) that it is a redirection.

Question to Bill Hartzer (@bhartzer): how do you index a redirection in Google?

Tuesday, April 24, 2018

Coming: the .SPORT new gTLD (update)

The .SPORT new gTLD is a long story...a very long one but the registry agreement was finally signed in November 2017.

The rules
It is a community Top-Level Domain, which means that only members of the "community" will be able to register such domain names. Here is what the official eligibility requirements say:

Two types of conditions must be fulfilled for the right to register a .SPORT name. These are:
  1. community membership and
  2. the additional requirements that the registrant’s role in the Sport community, as well as the registrant’s use of the registered domain name, must be:
    1. generally accepted as legitimate; and
    2. beneficial to the cause and the values of Sport; and
    3. commensurate with the role and importance of the registered domain name; and
    4. in good faith at the time of registration and thereafter.
Furthermore, registrants in .sport must be recognized performers, organizers, promoters or supporters of federated Sport, or belong to categories of registrants recognized by the .sport Policy Advisory Board (PAB).

These conditions must always be fulfilled. The strength of the validation is kept in line with the importance of the underlying domain name based on the assumption that a typical user would reasonably make.

To facilitate validation, registrants are required to state their intended use of the registered domain name. A false statement of intended use is an indication of bad faith and can be the basis for the suspension of the domain name.

Registrants are further required to have an administrative contact in the Performers or organizers of sport. This is verified in part automatically (through the postal code in the administrative contact record and by a human eyes review pre‐validation or post‐validation). The administrative contact may be any person or entity having received and accepted the mandate to act as such for the respective domain. (The registrar may act as administrative contact.) Any communications addressed to the administrative contact are deemed to have been brought to the attention of the domain holder. Validation checks include machine and human verification of address accuracy. The validation may be assisted through pre‐identification of potential registrants using existing community channels, in particular through promotion codes. After the launch phase, the validation mode goes from pre‐validation to post‐validation and later to statistically targeted random validation, backed up by an ongoing enforcement program. The validation and enforcement program are supported by an integrated issue tracking system. This system allows validating agents and personnel to cooperate and interact with the registrant. The system keeps track of decisions made by the agents and stores supplemental documentary evidence that may be supplied by the registrants."

My opinion
Community TLDs are "community TLDs", it means that domain names are blocked from being registered by anyone. It is a good solution when a registry can easily be financed but it is a very bad one to install domain names onto a market, unless of course, if all sports organizations have already decided to use one (which I doubt that it is already the case). My true opinion is that I wonder how long these rules will remain until it is decided that the .SPORT new gTLD opens to all. The story is always the exact same: at some point, someone notices that there are not enough domains on the market (or that the registry is not lucrative enough) and decides to open to all (for whatever other reason).

Now, when it comes to checking who registers a domain name (see in red above), I don't remember any registry checking all registrants prior to registering domain names so I believe that anyone with a connection to sport in general should be able to register a ".sport" domain name...at some point: not in the beginning of course but later...

Of course, all this is just my opinion and I could (probably not) be wrong ;-)

Not very optimistic, isn't it? (update)
Let's imagine that the .SPORT new gTLD is coming with something new: that kind of innovation that all participants were expecting in the first round of the ICANN new gTLD program? Well, I am not writing more but there's something really innovative coming and according to my understanding of this concept, it could be THAT expected method by all to install domain names on a market.

Check the official website here.

Thursday, April 19, 2018

The Vatican launches 4 new gTLDs

The Trademark Clearinghouse just published the dates for 4 Sunrise Periods. The Vatican is launching four "catholic" new gTLDs, one ASCII and three IDNs:
  1. The .CATHOLIC new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  2. The .天主教 (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  3. The .كاثوليك (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
  4. The .католик (catholic) new gTLD, when:
    1. START: Wednesday, 16 May, 2018 - 16:00;
    2. END: Friday, 15 June, 2018 - 16:00.
What for?
What the .CATHOLIC new gTLD application says: "The mission⁄purpose of the .catholic TLD is to share the teachings, message and values of the Catholic Church with its own members and with the wider global community, by creating a dedicated, authoritative online space for the exclusive use of the Catholic Church and its constituent institutions, including dioceses, religious orders, institutes of consecrated life and organizations affiliated to the Catholic Church, and for the benefit of its adherents globally. The .catholic TLD will serve as an important method of communication for the Church, by establishing a formal and official channel for online communications via the appropriate channels of the Catholic Church. This function of the TLD is consistent with the Church’s core activities, as communication is important in the life of the Church insofar as it facilitates the sharing of information and helps build a sense of community and belonging amongst its adherents. The .catholic TLD will complement the Church’s long established global network of communications activities including print and digital media, television and radio".

Who for?
The application says that these domain names won't be available for registration (note that this can change): "All domain name registrations in the .catholic TLD will be registered to, and maintained by, the PCCS for the exclusive use of the PCCS and the constituent institutions of the Church. The PCCS will not sell, distribute or transfer control or use of any registration in the TLD to any third party that is not identified within the TLD Catholic Community. As such, individual adherents will not be eligible to register or be granted use of .catholic domain names. Dioceses, religious orders and institutions as found in the “Annuario Pontificio” (the official annual directory of all the institutions related to the Holy See) are recognised as members of the TLD Catholic Community, by virtue of their being formally recognised by the Catholic Church. This recognition is primarily, though not exclusively, evidenced by inclusion in the Annuario Pontificio. The PCCS will maintain a list of institutions formally recognised by the Holy See as falling within the Catholic Church.
Each diocese, official religious order of the Catholic Church and Church-affiliated institution, may be granted use of an associated .catholic domain name to facilitate the establishment of formal and official channels of online communication for the Catholic Church, and promote the overall mission⁄purpose of the .catholic TLD. The use of the domain names by these institutions is subject to internal acceptable use policies".

Religious new gTLDs
Once a month we update new gTLD registration volumes for Religion at Jovenet Consulting, check for "religions" in our list of reports.

Check the Trademark Clearinghouse Calendar for more.

Wednesday, April 18, 2018

(UPDATE) Phishing: let's be frank

I just finished a procedure which consisted in declaring a domain name hosting a phishing operation and it took one month "for the procedure to end". The domain name is still active and, according to the ICANN, the Registrar hosting the website "demonstrated that it took reasonable and prompt steps to investigate and respond appropriately to the report of abuse". I won't verify that because I already wasted too much time sending emails and checking answers to follow procedures.

The ICANN "does things"
Something that I have to admit is that the ICANN did something and without the ICANN taking my complaint into account, nothing would have probably happened. The reason why I write this is that the Registrar to which I complained...never answered me in return. It seems that ICANN had to be involved for my complaint to be considered by this Registrar.


This is not enough
There are procedures: they exist and according to the agreement that all accredited Registrars sign with the ICANN, they have to act but in my case...the Registrar incriminated did not. Let's say that he did but long after my complaint was sent and after I complained to the ICANN. I suspect that such situations must happen often. Also, I have been long enough in this industry to know that these procedures exist only to exist: who knows where to write and who writes to an accredited Registrar to complain about a domain name used for phishing?

The problem
Dealing with phishing is a problem and this is not going to change:
  1. We have useless procedures to declare domain names used for phishing operations:
    1. it is unclear: where do you declare? At the ICANN, the Registrar, the Registry or the totally useless Anti-Phishing Working Group (APWG)?
    2. procedures are difficult to find.
    3. what happens when a lazy Registrar just does not answer: do you...wait for him to take the lead? (believe me I tried)
  2. The volume of new gTLDs is increasing and - unless I am the only one in the world - I receive more phishing attempts, they are industrialized and more sophisticated: with such procedures, are we solving the problem? No.
In the hands of Registrars
I asked Verisign the question about "what is it that I should do in the case of phishing". The Verisign support was very fast answering me:

My question:
What should I do when I have identified a ".com" domain name hosting a phishing operation?
Their answer:
You can report phishing domain names to the sponsoring Registrar of the domain name.
You may use the WHOIS service on our homepage to identify the Registrar of the domain name:
https://www.verisign.com/en_US/domain-names/whois/index.xhtml
So I had another question:
I did already but it took more than one month (as you can read here:
https://www.guillon.blog/2018/04/update-phishing-few-weeks-after.html) and the only results were issued from the ICANN, the Registrar did nothing. My question is more simple: isn't there a form at the ".com" Registry (Verisign) where I can complain so a domain name can be investigated faster and taken down?
Their kind answer:
No, unfortunately we do not have such service.
In order for Verisign to take down any domains, Verisign will need a valid Court Order in which our Legal needs to review and accept before we can take any further action.
The Registry is the legal entity to allow the creation of domain names and, in the case of ".com" domain names, it has to go through the Registrar. At least, the answer is clear.
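The WHOIS lookup that Verisign recommends, as an added example that is not part of the original post: a small Python parser that pulls the sponsoring Registrar, its abuse contact and the "Domain Status" lines out of a WHOIS response, so it is clear where the report goes and whether the domain has since been put on hold. The field labels are those used in gTLD WHOIS output; the domain, the registrar and both sample records are constructed placeholders.

```python
# Added example: field labels follow gTLD WHOIS output; all values are constructed.

# EPP status codes that remove a domain from the DNS zone (it stops resolving).
HOLD_STATUSES = {"clienthold", "serverhold"}

# Constructed record for a reported domain that is still live ("Domain Status: ok").
SAMPLE_LIVE = """\
   Domain Name: REPORTED-DOMAIN.EXAMPLE
   Registrar WHOIS Server: whois.registrar.example
   Registrar: Example Registrar S.p.A.
   Registrar Abuse Contact Email: abuse@registrar.example
   Registrar Abuse Contact Phone: +1.5555550100
   Domain Status: ok https://icann.org/epp#ok
   Name Server: NS1.HOSTING.EXAMPLE
>>> Last update of whois database: 2018-04-16T09:00:00Z <<<

TERMS OF USE: legal footer text, which must not be read as a field.
"""

# Constructed record after a suspension, with no abuse e-mail published.
SAMPLE_HELD = """\
Domain Name: REPORTED-DOMAIN.EXAMPLE
Registrar: Example Registrar S.p.A.
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""


def parse_whois(text):
    """Return {lower-cased label: [values]} for the 'Label: value' lines."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(">>>"):
            break  # everything after the "Last update" marker is legal footer
        key, sep, value = line.partition(":")
        if not sep or not value.strip():
            continue  # blank line, or a label with no value
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def abuse_summary(record):
    """Reduce a parsed record to what an abuse report needs."""
    def first(label):
        values = record.get(label)
        return values[0] if values else None

    # A status line reads "<code> <url>"; keep only the EPP code.
    statuses = [v.split()[0] for v in record.get("domain status", [])]
    domain = first("domain name")
    return {
        "domain": domain.lower() if domain else None,
        "registrar": first("registrar"),
        "abuse_email": first("registrar abuse contact email"),
        "statuses": statuses,
        "on_hold": any(s.lower() in HOLD_STATUSES for s in statuses),
    }


def next_step(summary):
    """Say where the report goes, or that the domain is already suspended."""
    if summary["on_hold"]:
        return "suspended: domain is on hold and no longer in the zone"
    if summary["abuse_email"]:
        return f"report to {summary['abuse_email']} ({summary['registrar']})"
    return f"no abuse e-mail in record: look up the abuse contact of {summary['registrar']}"


if __name__ == "__main__":
    for sample in (SAMPLE_LIVE, SAMPLE_HELD):
        info = abuse_summary(parse_whois(sample))
        print(info["domain"], info["statuses"], "->", next_step(info))
```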

UPDATE
I asked the same question to what I call "a Multiple Registry". It is an operator, Donuts Inc. here, which is operating several new domain name extensions.

My question:
Can you take a domain name down if operated by a Donuts registry in the case of phishing?
Their answer:
Donuts takes reports of abuse seriously. If you need to report a domain name that is being used for an abusive or malicious purpose, please fill in the fields below, and submit to us.
My understanding of this is that the registry for ".com" domain names won't act directly and will direct you to the accredited registrar in charge of the domain name; or it will act if there is a court order. On the other hand, this multiple registry I asked the question to would probably act without a court order. The problem dealing with Registrars is that they don't necessarily act and when they do, they can be very slow. I will take the Donuts Answer for granted here and will consider that I might have found another good reason to promote new gTLDs.
End of the update

My "have balls" solution: responsibility and rudeness
Registrants (owners of domain names) are responsible for what they publish, shouldn't the problem be considered differently and the responsibility of a phishing operation transferred to the Registrant?

Changing the status of a domain name can be done faster at the Registry level, not at the Registrar. If the Registry were to receive the complaint and the one to investigate, it could act faster. That means:
  • Identify if a domain name is in use for a phishing operation;
  • Change the status of the domain to one informing users in the Whois;
  • Change the DNS to a parked page that is not hurting consumers:
    • advertise the reason for this change of front page ("ongoing phishing operation" or "domain name used for a phishing operation", ...);
    • advertise the name of the accredited Registrar (so he is faster contacting his client to get rid of this status and front page ;-)
  • Registry to contact the famous "abuse" email at the Registrar (that one they don't particularly pay attention to) to inform him about this change of status. 
  • Change the DNS back to the previous one when the Registrant/Registrar have done some cleaning.
Rude isn't it? The problem with rules is that few follow them on the Internet. I am referring here to the agreement that registrars sign with the ICANN: it shouldn't take one month and so many emails shared for a phishing operation to be taken down. Also, many working groups probably work very hard but ... some problems like phishing and spam are not decreasing at all...the opposite is happening. Isn't it time to set up solutions that work?

"Consumers first".

Friday, April 13, 2018

UPDATE: Phishing, a few weeks after

I wrote a small article (in French) on several procedures that I just tried at the ICANN and at a Registrar hosting a domain name used for phishing.


What we did
Basically, ICANN offers 2 emails to write to and we also used two different procedures at the Registrar concerned: the abuse email and a dedicated form.

The result is the one expected: the ICANN created a case and sent us the answer below, but neither of the other two parties we contacted even answered us.

Answer received from ICANN
Dear Jean Guillon,
Thank you for contacting the ICANN Global Support Center.
I will be happy to provide you with further information. Please note, the 2013 Registrar Accreditation Agreement (RAA) requires ICANN-accredited registrars to provide abuse contact information, take steps to investigate reports, and respond appropriately to any reports of abuse. The full abuse contact requirements can be found in Section 3.18 of the 2013 RAA at: https://www.icann.org/resources/pages/approved-with-specs-2013-09-17-en#3.18 .
For more information about Registrar Abuse Reports and the type of reports, please see: https://www.icann.org/resources/pages/abuse-2014-01-29-en .
If you wish to submit a complaint to our Contractual Compliance about the registrar failing to comply with the requirements, please complete the form at: https://forms.icann.org/en/resources/compliance/complaints/registrars/standards-complaint-form .
Please allow 3-5 business days for our Contractual Compliance Team to respond to your complaint submission.
I hope this information is helpful to you. Please contact us if you have any additional questions or concerns. This case will now be resolved. Thank you for contacting ICANN.
The ICANN form (...)
I submitted a complaint to the Contractual Compliance Team (as suggested in the answer received from the ICANN) but at this stage, I thought that ICANN would already have acted since I already sent all the information: this form is probably going to be sent to the Register.it.

26 of March 2018
  • ICANN asks for the same information + a copy of the abuse email that I sent to Register IT with my authorization to contact them (...);
  • They also write that I did not fill in their form correctly (...).
I resent them all this (...).

13 of April 2018 (and after informing the ICANN (who answered it would inform the Registrar))
I received an email from Register.it and here is what it says: "Dear Sir according to ICANN request, here below a summary of actions taken by our Abuse Team with reference to your request, please be informed that":
  • "on March 8, 2018 we have received your abuse report (copies of emails received are attached)": I never received confirmation of this.
  • "In the following 24 hours our dedicated Abuse Team has examined the issue and taken the necessary steps to solve it": I seriously doubt it but surprisingly, after complaining several times to the ICANN and after more than a month, Register.it returned with this answer.
  • "Each abuse report requests of course different actions, in this case they intervened removing the dangerous involved folders": do I understand that you removed a client's folder hosted with you? I checked the sub-domain and it is still in place and not pointing to an error.
  • "Customer has been then accordingly informed. Just for your further information in this case RNH and AH are the same entity": I have no idea what this means and I would have expected the domain to be a little more investigated because the whois still shows a "Domain Status:ok".
16 of April 2018
After more than one month exchanging with registrar and ICANN and for one single domain name hosting a phishing operation, ICANN considers that the abuse complaint is closed:
"Dear Jean Guillon,
Thank you for submitting an Abuse complaint concerning the registrar REGISTER.IT SPA. ICANN has reviewed and closed your complaint because:
 
- The registrar demonstrated that it took reasonable and prompt steps to investigate and respond appropriately to the report of abuse. 
ICANN considers this matter now closed.
Please do not reply to the email. If you require future assistance, please email compliance@icann.org; if you have a new complaint, please submit it at http://www.icann.org/resources/compliance/complaints .
 
ICANN is requesting your feedback on this closed complaint. Please complete this optional survey at https://www.surveymonkey.com/s/8F2Z6DP?ticket=changed .
Sincerely,
 
ICANN Contractual Compliance
Let's be honest: WHO GOES AS FAR AS THIS WHEN RECEIVING A PHISHING EMAIL AND WHO UNDERSTANDS SUCH ANSWERS?

Score
Phishers / Gmail filter = 1
Icann / Register.it = 0

Useless procedures
This way to proceed against phishing for end users is an absolute nonsense: the ICANN procedures and rules for such common problems are useless.

Read my article in French.

The .CHARITY new gTLD: contract signed

On 11 April 2018, ICANN and Corn Lake, LLC, entered into a Registry Agreement under which Corn Lake, LLC, operates the .CHARITY top-level domain.


2 IDN competitors
There are two other IDN new gTLDs meaning "charity" in Chinese (note that one of the two could be a mistake on the ICANN website):
  1. The ".慈善" (".xn--30rr7y", "charity", /cishan/) new gTLD, delegated in March 2015 and which has 7 domain names created,
  2. The ".公益" (".xn--55qw42g" – Chinese for "charity") new gTLD, delegated in December 2013 and which has 21 domains created.
Details of the latest signed new gTLD agreements can be found here.

Thursday, April 12, 2018

Is the .CANON new gTLD finally here?

The .CANON new gTLD was delegated in February 2015 and was one of the first dotBrand extensions to have been announced, long before the first round of the ICANN new gTLD program began.
In 3 years, its number of registrations stagnated but recently 11 more domain names were created and it appears that more are coming: the .CANON new gTLD has grown from 18 to 29 new ".canon" domains created in March 2018. Some of these registrations are:
  • https://us.medical.canon/
  • http://machinery.canon/en/
  • https://etd.canon/eng/
  • http://compo.canon/en/
  • http://miyazaki.canon/
  • http://global.canon/ja/
  • https://myid.canon/canonid/#/login
  • ...
More numbers
Canon is a major camera manufacturer but other camera trademarks have acquired their personalized domain name extension:
  • The .NIKON new gTLD had 1 domain name registered in March 2018;
  • The .PANASONIC had 2;
  • The .YODOBASHI has 1;
  • The .SONY had 9;
  • The .OLYMPUS application was withdrawn.
The new gTLD report related to photography is updated at the end of April, let's see if Canon registers more domains.

Monday, April 9, 2018

Will it be .ONLINE or .ONL ?

I just noticed that the .ONLINE new gTLD has a competitor: there is a .ONL extension too. As the registry website states: ".ONL provides limitless access to everything online. It's the natural domain for all of your online activities".


More about this registry can be found here.

A few numbers
  • The .ONLINE new gTLD has 812,000 domain names registered;
  • The .ONL new gTLD has 5,270 domains registered.
I didn't notice the .ONL Top-Level Domain meant "online" until today (...) so I added it to the similar TLDs' list.

Friday, April 6, 2018

Verified Twitter accounts for Registries

A domain name extension is operated by what we call a "Registry", a monopolistic situation since there is one registry - worldwide - for a domain name extension. Let's give an example here, the registry for ".club" domain names is .Club Domains, LLC : a company based in Florida. For the ".eco" Top-Level Domain (example shown below), it is...this company.

Making sense
As an intense follower of the worldwide new gTLD activity, I noticed that some registries' Twitter accounts are starting to "be verified". In more simple words, it means that they are legitimate. In even more simple words, it means that they really are who they say they are: the legal monopolistic organization to have been granted authorization to deploy a new domain name extension by the ICANN.

The information can be confusing on Twitter when following the news about a TLD: many applicants started to promote their extension before learning that there could be more than one applicant (...) In other words, there are several accounts on Twitter looking like they could be an official registry account (but they are not). The ".eco" is an official one.

In terms of wording, it can be confusing too since those who buy domain names, or those with an interest in following news about a certain TLD, are not necessarily familiar with the vocabulary used in the domain name space: when finding the unverified Twitter account of a registry, a user can fall onto a crap domainer twitter account trying to re-sell domain names from that registry. Most of the domaining activity is absolutely not connected to the registries; registries often have their own premium domains program.

I strongly believe that it makes sense for a registry to ask to have its Twitter account "verified":

  1. As a person involved in domain name things, it is of interest to me and it probably is the same for many IP and IT departments involved in domain name operations;
  2. It should be an easy task since a registry is a monopoly so it matches with the Twitter definition of a verified account: "An account may be verified if it is determined to be an account of public interest. Typically this includes accounts maintained by users in music, acting, fashion, government, politics, religion, journalism, media, sports, business, and other key interest areas". Isn't a legal monopolistic position a key interest area?
How to
First, it would be a good thing for registries (but .BRANDS maybe) to have a twitter account. Then it would make sense to use it because most believe that it is the job of accredited registrars to promote their TLD when domain name registration volumes have clearly demonstrated that it is not.
Second, Registries should have a strategy because adopting a Twitter account will generate interest and an account which does not publish anything sends a bad message to potential registrars and registrants.

Then, registries should read that page and learn more about verified Twitter accounts but...don't expect to be verified soon because:
  1. Being verified takes time;
  2. Twitter has temporarily stopped verifying accounts so you will have to wait.
To registries: once verified, send me your Twitter account, I'll be happy to shout out loud.

Tuesday, April 3, 2018

Better than nothing for .BRAND new gTLDs

When going to Google and entering this in the search field: "site:.TLD" (without quotations and where "TLD" stands for a new domain name extension), you will notice that many of them have redirections indexed in Google. I really don't understand Google's logic behind this but...redirections are indexed.

Not all Trademarks use their .BRAND
In the recently updated new gTLD reports, it is noticeable that more of the Trademarks that have acquired their .BRAND domain name extension are registering more of their domain names. On the other hand, it is also noticeable that some .BRANDs are still "pending activation": I mean by this that they are delegated and fully functional but their owners have only registered one single domain name (the nic.TLD most of the time which presents the TLD's rules).

What are .BRANDs waiting for then?
If no use is found of a .BRAND domain name extension then I don't understand why those trademarks with various local presences worldwide, or present in various cities, don't use redirections using city names just to be better indexed in Google.

I had a look at the famous .CLUBMED new gTLD and it has 6 ".clubmed" domain names registered (see the March 2018 update). The French Club Méditerranée is a famous French travel agency and has a presence in several cities in most of the countries in the world. Wouldn't a redirection like https://trancoso.clubmed to https://www.clubmed.fr/r/Trancoso/y be an idea to industrialize for all destinations?

If redirections can be risky to use, I wonder if it is better to be charged for a .BRAND new gTLD and not do anything with it. I believe it can be worth it to have a redirection strategy put in place instead of throwing money at the wall.

DotBrand new gTLD applicants are not doing this so is it the cost of each domain name which is the issue? I doubt it is because it already costs each applicant $25,000 a year just in ICANN fees. So what is it then?

For questions, contact Jovenet Consulting.

.BRAND new gTLD Reports are updated once a month: CLICK HERE !