Tag Archives: nominet

ICANN: EBERO Providers Selected: Continued Protections for Registrants

ICANN today [26 Aug] announced that it has selected China Internet Network Information Center (CNNIC), the Canadian Internet Registration Authority (CIRA), and Nominet as its Emergency Back-end Registry Operator (EBERO) providers.

An EBERO provider is temporarily activated if a generic Top-Level Domain (gTLD) operator is at risk of failing to sustain critical registry functions. Ensuring the availability of these functions protects registrants, also known as domain name holders, and provides an additional layer of protection to the Domain Name System (DNS), and industry ecosystem.

“CNNIC, CIRA, and Nominet all have the experience, staff, and systems required to execute an efficient transition should an EBERO event occur,” said Cyrus Namazi, Senior Vice President of ICANN‘s Global Domains Division. “Their geographic diversity is also a benefit, enabling nearly continuous coverage across multiple time zones, and the ability to provide services in multiple regions in case of local disasters.”

“We are honoured to be among this select group of trusted registry operators. In a short time period, the CIRA Registry Platform and DNS have been recognized as among the most advanced and robust platforms for managing a top-level domain,” said Dave Chiswell, vice president, product development, CIRA. “When we transitioned .CA to our new platform we incurred only eight hours of downtime. Our technology and know-how enable us to migrate a registry quickly and will be essential should our services ever be required in an emergency.”

EBEROs have demonstrated years of experience in operating domain name services, registration data directory services and extensible provisioning protocol services. Additional requirements for the EBERO service are noted in the Request for Proposal published here.

Click here for more information about the EBERO Program.

About ICANN

ICANN‘s mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from: https://www.icann.org/news/announcement-2019-08-26-en. It also includes an additional quote from CIRA’s Dave Chiswell.

Nominet Cybersecurity Technology Helps Drive Haas F1 Team

Starting with the Azerbaijan Grand Prix last weekend, the Rich Energy Haas F1 Team deployed Nominet’s cybersecurity technology NTXsecure, which enables proactive cybersecurity with both DNS analytics and a fully managed DNS resolver. The technology, Nominet explains, is capable of automatically categorising and applying policy to potentially billions of queries to eliminate malware, phishing and data theft from the network.

Nominet, the ccTLD manager for .uk as well as providing backend registry services for 36 new gTLDs, will see their NTX cybersecurity technology implemented to keep Haas’ data networks secure, benefitting from its ability to analyse DNS (Domain Name System) traffic to predict, detect and block threats from the network before they cause harm.

“Data security is imperative for us with offices in the United States, United Kingdom and Italy,” said Guenther Steiner, Team Principal of Rich Energy Haas F1 Team. “I’m pleased we’re now able to utilize the expertise of Nominet as we compete globally, and in a fast-moving business that depends heavily on protecting items such as intellectual property (IP) and performance data. We welcome Nominet to our partner portfolio and I look forward to working with them in our areas of mutual interest.”

Commenting on the benefits of the partnership Rich Energy Haas F1 Team Chief Information Officer Gary Foote said; “Cybercrime and data security are amongst the biggest threats facing both industry and sport right now. It represents a huge challenge to technology professionals tasked with securing their businesses data and IP – both of which are critical assets. Given I’m responsible for ensuring adequate protection for our brand, and on a global scale, I must deploy all necessary systems and tools required to ensure we are continuously at the cutting edge of security technology. Deploying NTXsecure from Nominet is the next phase of our strategy. I’ve been hugely impressed by the embedded deep packet inspection and machine learning technology that’s been developed – which now underpins our proactive approach to data security. This ensures threats are continuously stopped at the boundaries of our network, even as new threats emerge.”

Chief Executive Officer at Nominet, Russell Haworth remarked; “Our partnership with Rich Energy Haas F1 Team has natural synergies. Both organizations are highly innovative in their approach and we are delighted to be chosen to drive their cyber security strategy by utilising DNS to remove network threats and protect their intellectual property. With NTXsecure, the team now has an innovative security solution at the DNS level, and it gives us the opportunity, at a global level, to help spread the word about how important this element of cyber security is. The back door to data for cyber criminals is via the DNS, so it needs to be protected – Nominet NTX can do this.”

“Our fully managed DNS resolver solution, NTXsecure, will enable us to detect and quickly respond to threats in real time to continuously improve Rich Energy Haas F1 Team’s resilience to the ever-changing threat landscape faced today,” said Simon Whitburn, Managing Director of Cyber Solutions at Nominet. Designed to be flexible to suit the demands of all modern enterprise today, Nominet NTX removes the known bad by using threat intelligence, and, crucially by applying our unique algorithms, eliminates the unknown bad. This is of critical importance in the CISO’s battle to remove cyber threats and our approach significantly reduces the window of compromise through proactive cyber security at the DNS level.”

Nominet Spreads Its Wings Westward to North America With Security Services Offering


Nominet, best known as the .uk ccTLD registry operator, has spread its wings to North America, opening an office in Washington D.C. But the new office isn’t to sell its registry services, but to sell their security services.

Announcing their office opening, Nominet tout themselves as a “security specialist enabling threat monitoring and detection, prevention and analytics at the DNS level, today made its official launch into the North American market.”

This security service “supports organisations wanting deeper visibility and the ability to pinpoint threats through massive data noise, and stop them instantly. The new capabilities are differentiated from competitive offerings that don’t operate at the DNS level, with deep inspection technology uniquely suited to identify and block threats such as targeted malware, ransomware, phishing, Zero Days, APTs, and data exfiltration attempts.”

Nominet has been diversifying in recent years. From its origins as the .uk country code top level domain registry, it’s now using that expertise to provide registry services to the .wales and .cymru new generic top level domains, which together have 20,260 registrations, as well as backend registry services for another 34 new gTLDs making them the fifth largest by domains under management with 1.873 million domain names and eighth largest by new gTLDs with 36. And now Nominet is using its expertise on the security front, providing security services to companies that want them. They’re one of a number of TLD registries diversifying and providing their expertise to both other registries and other sectors. Some examples are DENIC, SIDN, nic.at and CIRA.

“We feel like a new company despite a 22-year history in infrastructure security, and we’re excited to enter the North American market with a distinctive and proven set of skills and offerings,” said Russell Haworth, CEO of Nominet. “We’re proud of our expertise and experience in critical infrastructure—in 2017 alone, Nominet analysed over 3TB of data across the U.K. public sector and blocked 2.5 million malicious requests—and we look forward to working with U.S. organisations to enhance their security strategies and implementations.”

In announcing their new office, Nominet promote their new security service, Nominet NTX, by saying:

Whilst enterprises typically have numerous security layers, Nominet operates at a vital nexus: All networks rely on DNS traffic, which makes it a critical source of information for specific threats to the network. This area often gets overlooked in the security stack. Meanwhile, leveraging its long experience analysing data for threats, Nominet’s security researchers can identify malicious domains even before they register on standard threat feeds.

There is certainly broad-scale awareness of this critical issue: In a new study conducted by Nominet in partnership with Osterman Research, CISOs at over 30 large enterprises, a full 97% of respondents, say they see the value in monitoring, threat detection, attack blocking and analytics at the DNS level to enhance security; the few others didn’t know or were unsure. The fact is, many large organisations are, or believe they are, monitoring at that level already, yet the reality is less definitive: Even enterprises with significant resources dedicated to security may lack the technologies needed to analyse billions of DNS data packets in real time, as optimal to identify today’s threats.

Nominet Suspends 33,000 .UK Domains Following Law Enforcement Notifications

Almost 33,000 .uk domain names were suspended in the 12 months to the end of October 2018 following notification from the police or other law enforcement agencies that the domain name was being used for criminal activity. Continue reading Nominet Suspends 33,000 .UK Domains Following Law Enforcement Notifications

Nominet Donating Minimum of £200k To BBC’s Children in Need

Nominet, best known for managing .uk, is donating £1 for every new .uk domain name registered to BBC Children in Need until Monday 19th November. With a minimum commitment of £200k from new domain registrations, funds raised will go towards projects that use digital or new technology to support disadvantaged children and young people across the UK.

Money raised through new domain registrations, including those ending in .co.uk, .uk, me.uk and org.uk, will go on to support projects using digital to produce strong outcomes for children and young people. For example, clubs which provide technology sessions for children and young people affected by poverty and social exclusion, with the aim of helping them develop and gain new digital skills, whilst learning about new software technology, coding, robotics and digital arts.

“We’re focused on delivering public benefit initiatives that support a vibrant digital future, so it makes perfect sense for us to partner with BBC Children in Need to fund projects that engage and develop the skills of children and young people who might otherwise be excluded from the opportunity that new advancements in tech, digital skills and online inclusion can provide,” said Russell Haworth, CEO, Nominet. “We need to stamp out the growing digital divide, so the more young people who are able to make the most of being online and derive benefits from tech, the better. We hope our donation from domain registrations will go some way to help enable this.”

“It’s great that the funding raised by Nominet will support projects which utilise technology to support disadvantaged children and young people,” said Simon Antrobus, Chief Executive at BBC Children in Need. “We are excited about the benefits this funding will bring and are delighted to have Nominet on board as new partner for 2018.”

BBC Children in Need is currently supporting over 2,700 projects in communities across the UK that are helping children and young people facing a range of disadvantages such as living in poverty, being disabled or ill, or experiencing distress, neglect or trauma. Further information on BBC Children in Need can be found at bbc.co.uk/Pudsey.

With the proceeds of its successful registry business and cyber security services, Nominet has donated over £45m to tech for good initiatives helping over 10 million people. Its aim is to achieve lasting social impact focusing on enabling positive change on a range of emerging issues born out of our digital age such as online safety and digital inclusion, to existing social challenges where technology can play a pivotal role, and is committed to improving the lives of one million people a year. Find out more about Nominet public benefit initiatives here – https://www.nominet.uk/about/public-benefit/

Under this initiative Nominet will donate £1 to Children in Need for each new, paid for domain registration for the country code top level domain (ccTLD) ending in .co.uk, .uk, .org.uk, .me.uk, .ltd.uk, .plc.uk and .net.uk.

CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

Registering domain names in a country code top level domain often has benefits to that country’s local internet community. In the case of Canada’s ccTLD, Byron Holland, President and CEO of CIRA who manages .ca, recently explained how in a post on the company blog. Continue reading CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

Complaints Made About 0.0065% Of .UK Domain Names in 2017

A total of 712 complaints relating to 783 domains, representing just 0.0065% of the domain names on the .uk register, were made in 2017 according to Nominet’s annual summary of domain name disputes brought before its Dispute Resolution Service (DRS).

Over half of the complaints (55%) in 2017 in the .uk country code top level domain (ccTLD) resulted in a domain transfer. By comparison, there were 703 complaints in 2016, 53% of which resulted in a domain transfer.

The year also saw an increase to 15% in the number of disputes resolved with the domain name being voluntarily transferred to the Complainant by the Respondent upon receipt of the complaint. In 2016, 10% of complaints were resolved in this way.

“Thanks to the efficient DRS processes in place and the many Experts who generously offer their time and expertise, we can see in the numbers that the DRS is continuing to prove a useful tool for .UK customers,” said Russell Haworth, Nominet’s Chief Executive. “A steady increase in the number of .uk second level domain names being disputed year on year – almost doubling since 2015 – also reflects how the shorter domain is increasing in popularity and importance for individuals and businesses.”

Brands such as Jaguar Land Rover, Clydesdale Bank Plc, Virgin Enterprises Limited, Moncler S.p.A., “Dr. Martens” International Trading GmbH and the Sony Corporation used the DRS in 2017.

Other users of the service included St Neots Town Council, the fashion designer Philipp Plein, The Commissioners For HM Revenue And Customs, The Secretary Of State For Health and Puddy Cats Cattery in Maplethorpe.

“The increase in disputes relating to .uk second level domains is an interesting point. The Right of Registration that some .co.uk Registrants hold over the corresponding .uk domain name comes to an end on 10 June 2019,” said Nick Wenban-Smith, General Counsel at Nominet. “In the next two years this could lead to a further increase in the number of .uk domain names being subject to disputes as more and more potentially desirable names are made available to be registered on a first-come first-served basis. To avoid such a dispute, it’s important for .co.uk owners to review their options and act sooner rather than later.”

In their announcement, Nominet highlighted the following cases resolved through what they describe as their award-winning Dispute Resolution Service (DRS):

  • guntree.org.uk

The Complainant, Gumtree.com Limited, is  a wholly owned subsidiary of eBay Inc. It operates an online classified advertisement website, and has registered the trade mark “GUMTREE”.  The Respondent argued that GUNTREE has been derived from the artistic concept of a tree made of guns or an artistic gun made from wood.  GUNTREE advertises weapons to a specific market and therefore, does not offer the same services as the Complainant.  The independent Expert agreed with the Complainant’s claim that there is an overlap between the two sites which is likely to confuse Internet users.  Domain transferred.

  • victoriasecretbeauty.co.uk

The Complainant was Victoria’s Secret, an American designer and manufacturer of women’s lingerie and beauty products. The Respondent was a beauty therapist, operating a salon in Mayfair, London.  The Respondent claimed not to have known about the Victoria’s Secret brand at the time when the Domain Name was registered. In the view of the Expert, “this is not a credible claim, particularly taking into account that the Respondent operates in field of beauty services”.  Domain Transferred.

  • cybfx.co.uk

The complaint was brought by Clydesdale Bank PLC (Clydesdale and Yorkshire Bank), after they found that the domain name had been registered by someone who was asking for almost £100,000 in return for transferring the registration. The Expert agreed with the Complainant: that on the balance of probabilities the Respondent noted the Complainant’s trade mark application and purposefully registered the domain name in order to then sell it specifically to the Complainant at a later date.  Domain Transferred.

  • dignity.co.uk

The Complainant was Dignity Funerals Ltd, and the Respondent was an individual who had previously entered into a coexistence agreement with the Complainant’s predecessors in title, providing financial and insurance services through his companies.  The Expert stated “it does not appear the Respondent is doing anything that is confusing Internet users”, and that “dignity.co.uk shall remain with the Respondent”.  The Complainant appealed against this decision, but a panel of three members of the DRS Experts’ Review Group dismissed the appeal, whilst upholding a finding of ‘Reverse Domain Name Hijacking’ – using the DRS in bad faith.

Nominet also highlighted the following additional statistics:

  • In 2017 there were three appeals. Two appeals upheld original No Action findings. In the third Appeal case, the Appeal Panel agreed to combined two cases together for a review and two domain names were returned to the original Registrant.
  • The most common industries were Automotive (9) Electronics and Fashion (8 respectively), Retail (7) and Banking & Finance (6)
  • The year saw cases bought by complainants from 29 different countries, led by the UK (553) followed by the US (42), Germany (27) and France (20). Respondents came from 34 different countries. Again, the UK leads with 598 respondents, with the US second (17) and China third with 15
  • The overall average length of time DRS cases take from being filed to being closed was 57 days
  • Mediated cases took an average of 56 days to resolve in 2017 compared with 47 days in 2016. Cases being resolved by a Summary Expert decision took the same time that they did in 2016 (62 days), whilst Full Decision cases took on average 4 days less.
  • The majority of cases (87.5%) involved .co.uk domains, 6% were .org.uk or .uk domains and 0.5% were .me.uk
  • Court costs avoided in 2017 were almost £7 million – assuming court and legal fee savings of £15k per complaint that progresses into formal dispute resolution

Public Interest Registry joins the Internet Watch Foundation

Public Interest Registry has joined the Internet Watch Foundation as a Member, in a move which reinforces its commitment to protecting billions of internet users and the child victims of disturbing sexual abuse images and videos.

As the operator of .org, .ngo and .ong domain names, Public Interest Registry has over 10 million domains under management globally. By joining the IWF, Public Interest Registry is helping to further prevent the spread of child sexual abuse content.

PIR joins other registry operators such as Nominet, Afilias, Donuts (along with Rightside who they took over in 2017), ICM Registry (recently taken over by Minds + Machines), Dot London, webhost and registrar Names.co.uk as well as DNS Filter and Linx – the London Internet Exchange, who are all among the 130 members of the organisation that works internationally to make the internet safer by removing images of child sexual abuse.

Though a small organisation, Public Interest Registry, which is based in Reston, Virginia, operates popular domains that the world counts on to be platforms for the public interest. Its values have been echoed in this important move to join the IWF.

“The IWF represents the companies that are defining how the world tackles online child sexual abuse,” said Susie Hargreaves OBE, IWF CEO.

“With 137 organisations joined up as Members of the IWF, we now have more Members than ever before. These companies include some of the giants of the internet world, through to smaller filtering companies. What unites them, is their commitment to do the right thing.

“We can’t thank Public Interest Registry enough for joining us as a Member. It means that so many more domain names are now protected from child sexual abuse content. In turn, this is protecting billions of users of websites on these domains, as well as the victims themselves.”

“IWF’s global mission to eliminate online child sexual abuse imagery is among the most important work being done on the internet,” said Elizabeth Behsudi, Vice President and General Counsel at Public Interest Registry.

“Public Interest Registry is committed to making the .org domain space a safe and trusted environment for everyone. We are proud to work with the IWF and support the incredibly important services they provide.”

.IS, .NO and .UK Announce How They’ll Comply With the EU’s GDPR

The GDPR is coming and a number of ccTLD registries are giving registrars heart palpitations. It’s a month till the European Union’s General Data Protection Regulation comes into play and the Icelandic, Norwegian, Slovakian and United Kingdom ccTLD operators are only just announcing how they’ll deal with it.

For Iceland’s .is they will stop publishing names, addresses and telephone numbers of personal contacts by default from the ISNIC WHOIS database. For individuals who wish to continue to publish their information, they must log in, go to “My Settings” and select “Name and Address Published”.

ISNIC will however, at least for the time being, continue to publish email addresses, country and techincal information of all NIC-handles associated with .is domains. Those customers (individuals) who have recorded a personally identifiable email address, and do not want it published, will need to change their .is WHOIS email address to something impersonal. However the Icelandic country code top level domain isn’t happy with the new regulation. They note the GDPR “will neither lead to better privacy nor a safer network environment.”

For the sake of the internet community, e.g. Individual users, Service Providers, Hosting Companies, and many other stake holders, ISNIC will continue to publish email addresses and the country name of all contact types until further notice.

For NORID, the registry for Norway’s .no, they have made a few changes to their policies that come into effect on 5 May. NORID state they will “only collect data that we need, and that the domain holder shall be informed about which data is being processed by Norid. Starting on 5 May, we will collect less data about the holder than what we currently do.” Following consultation with the with the Norwegian Data Protection Authority, NORID will launch a new version of WHOIS on 22 May.

And Nominet, the .uk registry, has announced their changes. Following a consultation period that outlined their proposed changes that were published for comment between 1 March and 4 April, Nominet have announced that:

  • Registrant data will be redacted from the WHOIS from 22 May 2018, unless explicit consent has been given.
  • Law enforcement agencies will nonetheless be able to access all registry data via an enhanced Searchable WHOIS service available free of charge.
  • Other interested parties requiring unpublished information will be able to request access to this data via our data disclosure policy, operating to a 1 working day turnaround.
  • The registration policy for all .UK domains will be standardised – replacing the separate arrangements currently in operation for second and third-level domains.
  • The .UK Registrar Agreement will be updated, renamed the .UK Registry-Registrar Agreement, and will include a new data processing annex.
  • The existing Privacy Services framework will cease to apply.

“We have taken a conservative approach to publishing data, to ensure that we do not fall foul of the new legislation,” said Nominet COO Ellie Bradley. “While, as a result, we will be publishing less data on the WHOIS – we have comprehensive procedures already in place that ensure that we will continue to respond swiftly to requests for information to pursue legitimate interests.”

The proposals also outlined an approach to replacing the existing privacy services framework with recognition of a Proxy Service offered by registrars. In response to the feedback, Nominet has decoupled this proposal from the bulk of the GDPR-related changes and will consult further on this topic in June 2018.

Nominet Add To The Registrar Nightmare As They Finally Announce Proposed .UK Whois Changes For GDPR Compliance

On 1 March Nominet finally announced how they’re proposing to deal with the upcoming General Data Protection Regulation, with a consultation to run until 4 April and then Nominet will have to finalise their plans with the regulation to come into place on 25 May. The situation is a nightmare for registrars who have to plan and implement changes for all top level domains impacted by the GDPR.

As EPAG’s Managing Director Ashley La Bolle told Domain Pulse (the blog) following the Domain Pulse conference in Munich in late February:
“The domain industry has been really late to the game on GDPR implementation. It’s already March and we are just beginning to see real progress regarding contractual and technical changes for the GDPR. We expect to receive a lot of last-minute changes from registries in the next couple months. Although we’re not thrilled about having to make last-minute changes to system settings, we still prefer registries to make those changes before May so we can ensure compliance.”

In case you don’t know what is the GDPR, it’s data protection regulation intended harmonise data protection laws across the EU and replace existing national data protection rules. The introduction of clear, uniform data protection laws is intended to build legal certainty for businesses and enhance consumer trust in online services. The new regulation applies to businesses within the EU, or any business in the world that collects data on European citizens, such as when someone is registering a domain name. With any data that is collected, it is imperative that those collecting the data have clear and freely given consent from the individual. Huge fines apply for any organisation contravening the GDPR of up to €20 million or 4% of the company’s global annual turnover of the previous financial year.

For the changes Nominet is proposing for .uk, as with most ccTLD registries, they have allowed the domain name registrant information, also known as Whois, to be publicly available for their domain names. However in the new proposal all registrant information will be hidden. But Nominet’s concerns don’t just deal with .uk. They also manage .wales and .cymru, and Nominet, like all other generic top level domain registries have to wait until ICANN finalise how they will resolve the issue.

We have opened a comment period from today until 4 April on our .UK proposals to comply with GDPR legislation.

In summary, Nominet proposals are as follows:

  • From 25 May 2018, the .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so – all other data shown in the current .UK WHOIS will remain the same.
  • For registrants who wish for their data to be published in the WHOIS, we will provide appropriate mechanisms to allow them to give their explicit consent.
  • We will continue to work in the same way as now with UK law enforcement agencies seeking further information on specific domain names via our existing data release policy and via an enhanced version of our Searchable WHOIS service, available free of charge.  Those users will have automatic access to the names and addresses we hold.
  • Any third party seeking disclosure for legitimate interests can continue to request this information via our Data Release policy, free of charge.
  • The standard Searchable WHOIS will continue to be available, but will no longer include name and contact details to ensure GDPR compliance.  Those outside law enforcement requiring further data to enforce their rights will be able to request this through our existing Data Release policy.
  • The proposed new .UK Registry-Registrar Agreement (RRA) includes a new Data Processing Annex.  This sets out terms for how we would work with our registrars when processing registrants’ personal data during the registering, renewing, transferring or managing of .UK domain names to ensure GDPR compliance.
  • The Privacy Services Framework will be replaced with recognition of a Proxy Service, within a new .UK RRA to allow registrars to offer proxy services to registrants who do not wish to have their details passed to Nominet.
  • Additionally, we propose changing the rules for the data we collect for domain names that end in second-level .uk domain registrations, such as example.uk. We will no longer require a UK ‘address for service’ bringing this into line with third-level .UK domains such as example.co.uk, example.org.uk and so on.

Further details including links to all redline copies of the relevant documentation are available here. You can find just the redline versions here. 

A webinar for Nominet members to hear more about our proposals will take place on Wednesday, 7 March from 2.00-3.00pm GMT.

These changes cover the .UK namespace. Pending outcome of ICANN discussions, and feedback from this comment period, Nominet will set out our proposed approach for GDPR compliance for .cymru and .wales domains.