Domain Names

2020 Hindsight After 20 Years at ICANN

After two decades of involvement with ICANN, I am stepping down from the Board of Directors, where I served for nine years. I have spent considerable time of late reflecting on the past 20 years, and I have isolated some memories that help frame my time with ICANN. ... November 2000, ICANN07 in Marina del Rey, California - With only a scant idea of what ICANN is all about, I am warmly welcomed by the flag-wearing country code top-level domain (ccTLD) community, who come to ICANN to ensure that nothing happens to affect the independence of ccTLDs... more

US Election-Related Web Properties Prone to Fraud and Misinformation Due to Lack of Domain Security

The risks of fraud and disinformation in the U.S. election process have been hiding in plain sight. CSC's new research finds that a large majority of web domains closely linked to the campaign websites for Joe Biden and Donald Trump lack basic domain security protocols and are prone to domain spoofing tactics. This makes them a potential target for hackers looking to spread disinformation ahead of the election, and criminals who want to take advantage of voter intentions... more

Phishing 2020: A Concentrated Dose of Badness

How much phishing is there? Where is it occurring, and why? How can it be reduced? I and my colleagues at Interisle Consulting have just published a new study called Phishing Landscape 2020, designed to answer those questions. We assembled a deep set of data from four different, respected threat intelligence providers and enriched it with additional DNS data and investigation. The result is a look at phishing attacks that occurred in May through July 2020. more

The Whois Wars Go On

There is a lot of discussion about the Expedited Policy Development Process (EPDP) Phase 2 report on evaluating a System for Standardized Access/Disclosure (SSAD) to non-public gTLD registration data after the decisions taken by the GNSO Council on September 24th. Notably, the Business Constituency (BC) and the Intellectual Property Constituency (IPC) have voted against the adoption of the Final Report of the EPDP team. more

The Competition to Become the Next .eu TLD Registry Is Now Open

I am glad to announce that the European Commission has officially launched the process to select the next Registry for the .eu Top-Level Domain (TLD). This is done through a competitive procedure that will be concluded, by October 2021, with the signature of a service concession contract between the European Commission and the entity that will be entrusted with the organisation, administration and management of the .eu TLD. more

Innovation, Launches and Email: New gTLDs Deliver in Q3 2020

As the third quarter of 2020 winds down, the domain industry continues to show development and progression amid uncertain global economic conditions. From improvements in products and additional TLD launches to growth in .brand email usage and upcoming virtual meetings, the Q3 2020: New gTLD Quarterly Report from our MarkMonitor team has a little something for everyone. more

How Ignorance Can Lead Mark Owners Astray in UDRP Proceedings

The great problem with ignorance is that it leads to disaster when one acts in the belief that he (and not infrequently a corporate "it") is invulnerable to error. The Uniform Domain Name Dispute Resolution Policy (UDRP) is fundamentally a straightforward rights protection mechanism, but as in all clearly written laws, ignorance of its application and of its evidentiary demands can (and generally does) lead to disaster. more

"Objective" and "Objectivity" in UDRP Decision Making

No one will disagree that disputes before arbitral tribunals and courts should be determined on the merits. I have noticed that some Panels appointed under the Uniform Domain Name Dispute Resolution Policy (UDRP) have employed the words "objective" and "objectively" in their recent decisions. In pondering these linguistic choices, it seems to me that there are two possible reasons for their use; the first is more acceptable than the second. more

A Failed Whois Policy

ICANN's two-year effort to purportedly preserve the Whois public directory to the greatest extent possible while complying with GDPR has failed. Under the latest proposal, the Whois database, once a contractually-required directory of domain name registrants, will be gutted to the point of virtual worthlessness, as registrars, registries, academics, and hand-wringing others ignored the public interest and imposed ever-higher barriers to legitimate, GDPR-compliant access to registration data. more

Maximizing Qname Minimization: A New Chapter in DNS Protocol Evolution

Data privacy and security experts tell us that applying the "need to know" principle enhances privacy and security, because it reduces the amount of information potentially disclosed to a service provider -- or to other parties -- to the minimum the service provider requires to perform a service. This principle is at the heart of qname minimization, a technique described in RFC 7816 that has now achieved significant adoption in the DNS. more

The Suitable Defendant Rule: In Rem Jurisdiction under the ACPA

The Anticybersquatting Consumer Protection Act (ACPA) creates two distinct avenues by which mark owners may seek a remedy for cybersquatting. A person who is a suitable defendant under 15 U.S.C. §1125(d)(1)(A) is one over whom the court has in personam jurisdiction. However, if the mark owner is "not able to obtain in personam jurisdiction over a person who would have been a defendant" in the ACPA action, then "[t]he [mark] owner may file an in rem civil action against a domain name in... more

A Responsible Domain Industry Needs a Responsible Registrant Appeals Process

As the steward of .ORG, Public Interest Registry is committed to serving as an "exemplary registry" for the DNS. As part of that mission, PIR published our Anti-Abuse Principles last year that serve as our north star to address questions of abuse. As PIR has stated on many occasions, generally speaking, the DNS is not the appropriate place to address questions of website content abuse because of the blunt tool we as a registry have and the collateral damage that can be caused by suspending a domain name for a piece of content. more

Only Bad Actors Should Worry About the URS

With DNS abuse a topic of increased concern throughout the community, any controversy over adopting the Uniform Rapid Suspension System (URS) for all generic top-level domains (gTLDs) seems misplaced. The URS was designed as a narrow supplement to the Uniform Domain-Name Dispute Resolution Policy (UDRP), applicable only in certain tightly defined circumstances of clear-cut and incontrovertible trademark infringement involving the registration and use of a domain name. more

TLD Maintenance Significantly Improved With the New Registry Maintenance Notifications for EPP

Three years ago, the first Internet-Draft on Registry Maintenance Notifications for the Extensible Provisioning Protocol (EPP) was published, which will become a Request for Comments (RFC). The IETF Registration Protocols Extensions (REGEXT) working group is the home of the coordination effort for standards track EPP extensions. They released eight RFCs over the last couple of years, and they are currently working on more than 15 Internet-Drafts. more

How Will the New .AU Domain Licensing Rules Impact You?

The .AU Domain Administration (auDA) will soon implement new .AU domain administration licensing rules either late this year or early next year. These rules apply to new registrations and around 3 million existing domain names in the com.au, net.au, org.au, and more .AU namespaces... Previously, an Australian trademark application or registration may constitute the required Australian presence for an .AU domain name, but the domain name need not match the trademark. more