Category: Domain Names and ICANN

Congratulations! Your company has come up with a brand new widget that’s going to change the world, and it needs a name. Naturally, in your role as a savvy brand manager, before making any decisions about the new name you check to see whether the domain name for your company’s new product is taken. Read the rest of this entry »

The information below is an update to the following blog posting: How Will ICANN’s Newest Domain Name Program Affect Your Company’s Brand?

Trademark owners outside of the adult industry may sign up with ICM Registry to block trademarks from showing up on its new .XXX gTLD. Trademark owners have been making several common errors when applying for a .XXX gTLD.[1] If your company plans on submitting an application before the Sunrise B October 28, 2011 deadline, keeping these mistakes in mind can help you avoid paying multiple fees and having to reapply.[2]
Read the rest of this entry »

Internet Corporation for Assigned Names and Numbers (ICANN) has instituted a new generic top-level domain (gTLD) program that will create a means for prospective registry operators to apply for new gTLDs, and create new options for consumers in the market. Every domain name around the world ends with a top-level domain (TLD); these are the two or more letters that come after the dot following a web address. Read the rest of this entry »

In mid-February Harvard researchers Tyler Moore and Benjamin Edelman posted their research on the prevalence of typosquatting, the practice of registering and monetizing domains that would likely only be visited on accident when internet users misspell the web address of legitimate websites. Among several findings in their work, titled Measuring the Perpetrators and Funders of Typosquatting, they report that 80% of typo domains lead to pay per click ads, and almost two-thirds of typo domains can be traced to just five individual advertisers using Google AdSense.

Edelman was kind enough to answer a few questions about their research.

Cyveillance: Your paper is premised on the idea that typosquatting unethically diverts traffic from legitimate online destinations. You open one of your paragraphs with the line, “Most large domain registrants present themselves as ‘domain parkers’ or domainers.” Some readers may be confused about your position on domaining as an industry. Can you clarify your stance on domaining in general?

Ben Edelman: I don’t see much genuine value coming from the domaining business. Yes, some users guess domain names, and domainers can cause results to be shown to users who might otherwise receive error messages. But most web browsers already show results that are at least as useful as domainers’ placeholders – often better, with genuine organic results rather than merely advertisements.

Meanwhile, domainers cause some important harms: For one, as detailed in my article, domainers deplete advertisers’ budgets. Domainers also make it more costly for entrepreneurs to obtain the domains required to run actual substantive businesses: A domain might truly be unclaimed, in the sense that no one has ever used it for anything interesting, but a domainer would nonetheless be able to withhold that domain from a would-be user until they agree on a price. Combine these harms with the remarkably widespread ongoing problem of typosquatting, as presented in my article, and the net value-add of domainers is far from clear.

Domainers will vigorously defend their right to advance-register large numbers of domains, as if this is some kind of moral entitlement. I’m not so sure. In many areas, landowners are (and, historically, have been) required to improve their property lest they be a blight or eyesore to others. The analogy here is less direct: Which domains are “near” an unimproved domainer domain? But certainly unimproved domains harm others, by impeding what could be direct navigations, and by driving up costs to others. Indeed, limits on domain purchases have ample precedent – dating back to Jon Postel’s early restrictions on how many domains a single person or entity could request, and similar restrictions in certain ccTLDs. At least as against domainers with thousands, tens of thousands, or even hundreds of thousands of domains, these ideas do ring true to me.

Cyveillance: In your attempts to collect information about the behavior of typosquatting domains, some websites prevented your systems from gathering information about them. Can you discuss which servers attempted to prevent your analysis? Are you aware of any direct or indirect response to your investigation on their part?

Ben Edelman: Google has pointed out that it will disable typosquatting domains in response to a trademark holder’s specific request. Indeed, but what about infractions that come to Google’s attention some other way, such as in my article or in a complaint from the general public? What about infractions that are readily apparent to Google, thanks to Google’s excellent semantic analysis software? Google does as little as it can – letting Google and its partners continue to profit as widely as they can. Once Google is on actual knowledge that a domain is a variation of a trademark – either because a member of the public says so, or because Google’s own software figured it out – I’d like to see Google avoid targeting ads to that domain. And there’s a strong case that that’s exactly the behavior that the ACPA requires.

Meanwhile, trademark holders have ample grounds to be angry. And reading my article, I believe a new set of trademark holders is remembering that there’s more they could do here.

Cyveillance: Many merchants make use of affiliates to promote their products and services on the internet. You mentioned that “Few affiliate merchants affirmatively allow typosquatting, and most disallow it when it comes to their attention.” What recommendations, if any, do you have for merchants in this situation? Why do you believe most do not prohibit typosquatting among their affiliates to begin with?

Ben Edelman: An easy first step is a specific contractual prohibition on affiliates registering or using typosquatting domains. But merchants then need to follow through on this prohibition by implementing effective, robust enforcement. And merchants would do well to penalize violators, including through litigation. Recall Lands End v. Remy, wherein Lands End sued several LinkShare affiliates who had used typosquatting domains to claim affiliate commissions they had never properly earned.

Cyveillance: Your article states that there are “two main uses for traffic diverted to typo domains: placing pay-per-click ads and redirecting to other (often competing) domains.” Both situations cost brand owners money. This may seem obvious, but just to be sure: which is worse for a brand owner in your opinion?

Ben Edelman: They’re both unlawful, and they’re both unacceptable.

Cyveillance: You conclude by offering that the parties with the most ability to reduce typosquatting are the ad platforms of Google and Yahoo. Do you expect to see either company modify its practices based data like that found in your investigation?

Ben Edelman: I see the two main ways to compel ad platforms to change their practices: litigation and public outcry. Both are underway.

Cyveillance: Based on your research what advice do you have for brand owners when faced with the problem of typosquatting?

Ben Edelman: Trademark owners need not write off typosquatting as an unavoidable cost of doing business. Perpetrators are identifiable, and legal remedies are clear. In few other contexts do sophisticated companies sit back and let themselves get cheated. I don’t see why they’d want to do that here.

The public interest in supporting competition and protecting end-users does not support elimination of the current separation of Registry and Registrar ownership. The end result would be further consolidation of the top tier registrars, gaming of the loopholes in the current contractual reciprocity provisions, and potential increased brand abuses. These changes would, in conclusion, present a severe negative impact on competition among Registries and among Registrars and harm to end users.

Because several registrars own vast domain portfolios, the equal access and vertical separation requirements also have the positive effect of preventing particular registrants from having privileged access to domains in particular registries. Relaxing the requirements could inhibit competition in the market for domain names. Worse, it could make it essentially impossible for brand owners to prevent abusive registrations of their domains in registries where a particular registrant has a pre-emptive ability to register domains. Therefore, preventing registrants from gaining privileged access to particular registries is a compelling reason to preserve the vertical separation requirements. Because of the dangers of the competitive abuses described above, Cyveillance strongly urges the ICANN Board to maintain the separation in the current ICANN contracts and ensure the implementation of regulations that will maintain this clear separation.

More information as well as the opportunity to comment on the proposed change can be found at http://www.icann.org/en/public-comment/.

There are only a few days left to make a difference regarding the future of online corporate identity. December 15, 2008 is the revised deadline to submit comments to ICANN (the Internet Corporation for Assigned Names and Numbers) regarding the proposed application guidelines for the recently approved gTLD (generic top-level domains) policy. This affects all of us and the impact is potentially far-reaching and permanent.

ICANN, the governing body for the policy setting and management of Internet domains recently adopted a new policy to allow virtually unlimited generic gTLDs. For example, in place of “.com” “.org” or “.net, you could register domains that end in your own company name or brand. For example, Cyveillance could register “.cyveillance” as its gTLD. ICANN has promoted this new policy in the name of innovation, choice and change on the Internet. However, after close review and consultation with our own subject matter, fraud and legal experts, Cyveillance believes these new options pose no real benefits to our clients or their customers and, in reality, would expose them to significant online risks, serious loss of brand equity and will undermine online consumer confidence worldwide.

As ICANN moves forward toward implementation and outlining their processes and procedures, it is readily apparent to Cyveillance that there are serious and dangerous flaws in their approach. Close scrutiny of the proposed procedures reveal:

1) little to no protection for global trademark holders;
2) excessive administrative costs for applicants;
3) virtual total control by ICANN with no accountability;
4) exposure to increased fraud and legal liabilities for brand owner; and,
5) easy access and control for unscrupulous entities to core Internet infrastructure components and ultimately threatens Internet commerce around the globe.

The following are some major concerns Cyveillance has with the proposed implementation of the ICANN policy:

• The gTLD application fee will be $185,000.00 for a single gTLD and it must be acknowledged that it is only “to obtain consideration” of an application and offers no guarantee that the application would be granted (the cost of registering a “dot com” domain is approximately $20). Given that there are currently over 180 million .com domains the total potential revenue to ICANN could be in the trillions of dollars. If only the Global 2000 applied, the administration cost alone (using ICANN’s own estimates) would be $370 Billion. Note that this estimate would only cover their corporate name and not their individual brand names and no other variation of the brand in order to protect them from cybersquatting or typopiracy.
• The proposed gTLD guidebook provides that any community-based applications will take priority in the proposed application process. Enterprises and companies would have little recourse in acquiring gTLDs containing their own company or brand names. For example, if the International Brotherhood of Magicians (http://www.magician.org) wanted to register “.IBM” according to the proposed procedures, they would potentially have priority over “.IBM”, not IBM Corporation. This outcome would not only cause market confusion but would lay the foundation for potential fraud targeting consumers worldwide.
• If no community-based applications are presented other enterprises competing for a gTLD could be determined either between the competing parties or through an auction process (the one with the most money offered wins). There is no guarantee that the most appropriate trademark owner would retain a gTLD containing their brand name.
• When objections arise, ICANN has devised a process whereby any dispute will be decided by a single arbitrator appointed by WIPO (World Intellectual Property Organization) with preference given to the community-based applicant. There is a very serious potential legal problem by giving ultimate decision making authority to a single arbitration panelist appointed by an outside body. A process called “DRSP” (Dispute Resolution Service Provider) – a new form of a UDRP (Uniform Domain-Name Dispute-Resolution Policy, formed by ICANN) – can be filed and ICANN will appoint a single arbitration panelist to make the final determination.
• However, the arbitration panelist decision will be final and will require all applicants to waive all legal rights including the right to bring suit to overturn arbitrary or groundless decisions by a panelist. These arbitration decisions have the force of law and cannot be appealed. ICANN would have complete authority and brand owners would have little or nor ability to object. It also puts ICANN in the position of being an international governmental body – executive, legislative and judicial, all wrapped up in one.
• Also, very importantly, ICANN is considering registry-registrar cross ownership. For instance a large corporation like IBM could select a company to manage their .IBM gTLD and they would act as manager of the domain (both registrar and registry). This could be easily exploited by fraudsters and criminal syndicates that could control the Registry/Registrar/ISP chain thereby making it nearly impossible to take a fraudulent site down or provide little recourse to the affected company.
• There are no mechanisms in place to ensure that a company awarded the registry/registrar application will have the resources (knowledge, technology and capital) to ensure the reliability and availability of the gTLD. For example Registry standards require six 9’s. i.e. 99.9999% reliability, availability etc. This could easily degrade performance and accessibility of all sites falling under certain new gTLD. The result could affect both the performance and security of not only a web site but email, applications and all infrastructures related to the new gTLD.
• The potential for fraud is unlimited – organized criminal entities would have an equal opportunity to apply for these domains throughout this process. It will be even more difficult for companies to protect their customers from fraud through the use of their brand or become the victims of extortion by those who would hold the gTLD (with their legal trademark) for ransom. It will create an unprecedented confusion in the consumer market where a consumer will be unable to distinguish which is the VALID Domain: IBM.com/Sales or Sales.IBM.
• Many large companies spend millions of dollars to manage their other domains. As a defensive tactic, these companies have purchased hundreds and possibly thousands of domains, mostly to simply protect their trademarks and brands. This new ICANN policy will not eliminate the need for defensive registrations as some have claimed, but will actually increase the need, adding significant management time and expense to fully protect their brand and their customers.

Cyveillance is not a registry or registrar and we do not receive any direct benefit regardless of the success or failure of this new policy. At Cyveillance our highest priority is to protect our clients and their brands from online threats.

Corporations and their brands will always need protection from unauthorized use, and therefore we will continue to work on our clients’ behalf to patrol the open source Internet as it continues to evolve. We believe that this new ICANN policy, once implemented, would have the potential to be extremely damaging and ultimately irreversible.

We highly recommend that you read through these issues and learn more about them. You can go to http://www.icann.org/en/topics/new-gtld-program.htm to learn the full details of the program and strongly encourage you to share this with the appropriate affected groups in your company.

For greater impact, we also strongly encourage you to submit your comments directly to ICANN. You can find the instructions on how to submit comments here: http://www.icann.org/en/topics/new-gtlds/comments-en.htm

Cyveillance has recently observed an increase in the volume of spam email related to a domain registration scam. This scam typically targets individuals in Fortune 500 companies and attempts to create a sense of urgency around the need to register country code top-level domains (ccTLDs) before a fictitious holding company purchases them, making them unavailable. Many of the ccTLDs we have seen include:

• net.cn
• org.cn
• hk
• tw
• com.tw
• asia

The scammers portray themselves to be good corporate citizens by informing companies of the registration inquiry. However, we know better. Their agenda is to try to entice the target company to register the Asian domains quickly at a superficially high rate.

Cyveillance recommends the following actions if/when someone in your organization receives one of these emails.

1. Follow your company’s Domain Registration Policy. If you would like to own any of the domain names listed in the scam email, contact a reputable registry to purchase these domains though your normal channels.
2. Delete and ignore the messages as you do with conventional spam. You are not required to take any action, so do not respond or engage in negotiations with the scammers at all.
3. It is still your trademark/brand and you have a right to defend it. You should not be extorted into buying domains prematurely. If any of the domains listed in the emails are ever registered by companies that do not have a relationship with you, you have the right to send Cease & Desist letters or to engage in the UDRP process to recapture that domain.

Shown below is just one example of the emails received.

From: xxxxxxxxxxxxxxxxxxxxxxxxxx
Sent: Wednesday, August 20, 2008 5:18 AM
To: xxxxxxxxxxxxxxxxxxxxxxx
Cc: Platinum Card Mailbox
Subject: xxxxxxxxxxxxxxxxx Domain Names

Dear CEO,

We are SK Net Service Company Ltd, which is the domain name register center in China.I have something need to confirm with you.
we have received an application formally,one company named “MAIRHK Holdings Limited” applies for the domain names
xxxxxxxxxxxxxxxx.net.cn
xxxxxxxxxxxxxxxx.org.cn
xxxxxxxxxxxxxxxx.hk
xxxxxxxxxxxxxxxx.tw
xxxxxxxxxxxxxxxx.com.tw
xxxxxxxxxxxxxxxx.asia
and the internet Brand Name(xxxxxxxxxxxxxxxx)on the internet Aug 19, 2008. We need to know the opinion of your company, because the domain names and keywords may relate to the usufruct of brand name on internet.
we would like to get the affirmation of your company, please contact us by telephone or email as soon as possible. Please let someone in your company who is responsible for trademark or intellectual right contact me freely.

Best Regards,

Rock.Tian
Sponsoring Registrar:
SK Net Service Company Ltd
Add: 3A, Units 20/F, Far East Consortium Bldg,
121 Des Voeux Road, Central, Hong Kong
Tel: +852-3075 9838
Fax:+852-3177 1510 +852-3177 1520
website:www.sknetservice.hk