Friday, February 22, 2019

Houston? We lost .STAR

I am sure that the so many groups working to prepare the next round of the ICANN new gTLD program will have come with a solution for the problem after.

Applications' contacts
There are two contacts to list when submitting a new gTLD application:
  1. A primary contact;
  2. A secondary contact.
These two contacts are important; they are the two references for the entire new gTLD application. It can take time for an application to launch and many things can happen between the moment you submit your application to the ICANN and the moment the TLD is "live"; sometimes up to 10 years. In 10 years, it is not rare that the employee of a company changes job (inside or outside of the company). It is what's happened with this registry.

Knock Knock?
I found out about the .STAR new gTLD and contacted the operator:
  1. I fist went to nic.star. This second level domain is reserved to registries and often introduces the TLD. Lucky me, there was a contact page with an email but writing to it, I received an error in return with a "We're writing to let you know that the group you tried to contact (xxx) may not exist, or you may not have permission to post messages to the group..." Strange, this is the email of a group and anyway...there is a problem with the email.
  2. I went to the new gTLD application and checked the primary contact and I found...a Gmail address, so I wrote to it. I doubled checked on LinkedIn and found that the contact - not only uses an email external to the company, but also...he left the company.
  3. I checked the secondary contact and sent the same email. Guess what: this is the answer I received from the server: "Your message wasn't delivered to xxx@xxx.combecause the address couldn't be found, or is unable to receive mail" (note that I changed the email for this publication). This is bad luck because none of the two most important contacts of the application can't be reached by email and the Gmail address could be used by...anyone.
  4. I finally went to the IANA website, which lists all registries and I found an email for the administrative contact to whom I wrote to (I'll come back on this if I receive an answer).
A security hole?
You can have the best tools and the best technique to achieve your goals, but it also happens that security problems are not necessarily technical ones but human ones: who knows if these emails were not used for something else as important as a $185,000.00 new gTLD application? Using an email on which the company has no control for such projects can cause serious security breaches.

New gTLD applications require an update
I already noticed that many applications are not up-to-date. For example, some have changed hands and the contacts are not the same anymore. It also appears that question 18/A ("Describe the mission/purpose of your proposed gTLD") does not reflect the mission of the gTLD anymore.
I believe that the ICANN should ask applicants to check their new gTLD application (and if possible, without asking them to pay for this) - to update question 18/A at least, but ensure that primary and secondary contacts...are the good ones.

.BRAND new gTLD Reports are updated once a month: CLICK HERE !