Tag Archives: .uk

ICANN: EBERO Providers Selected: Continued Protections for Registrants

ICANN today [26 Aug] announced that it has selected China Internet Network Information Center (CNNIC), the Canadian Internet Registration Authority (CIRA), and Nominet as its Emergency Back-end Registry Operator (EBERO) providers.

An EBERO provider is temporarily activated if a generic Top-Level Domain (gTLD) operator is at risk of failing to sustain critical registry functions. Ensuring the availability of these functions protects registrants, also known as domain name holders, and provides an additional layer of protection to the Domain Name System (DNS), and industry ecosystem.

“CNNIC, CIRA, and Nominet all have the experience, staff, and systems required to execute an efficient transition should an EBERO event occur,” said Cyrus Namazi, Senior Vice President of ICANN‘s Global Domains Division. “Their geographic diversity is also a benefit, enabling nearly continuous coverage across multiple time zones, and the ability to provide services in multiple regions in case of local disasters.”

“We are honoured to be among this select group of trusted registry operators. In a short time period, the CIRA Registry Platform and DNS have been recognized as among the most advanced and robust platforms for managing a top-level domain,” said Dave Chiswell, vice president, product development, CIRA. “When we transitioned .CA to our new platform we incurred only eight hours of downtime. Our technology and know-how enable us to migrate a registry quickly and will be essential should our services ever be required in an emergency.”

EBEROs have demonstrated years of experience in operating domain name services, registration data directory services and extensible provisioning protocol services. Additional requirements for the EBERO service are noted in the Request for Proposal published here.

Click here for more information about the EBERO Program.

About ICANN

ICANN‘s mission is to help ensure a stable, secure, and unified global Internet. To reach another person on the Internet, you need to type an address – a name or a number – into your computer or other device. That address must be unique so computers know where to find each other. ICANN helps coordinate and support these unique identifiers across the world. ICANN was formed in 1998 as a not-for-profit public-benefit corporation with a community of participants from all over the world.

This ICANN announcement was sourced from: https://www.icann.org/news/announcement-2019-08-26-en. It also includes an additional quote from CIRA’s Dave Chiswell.

Nominet Spreads Its Wings Westward to North America With Security Services Offering


Nominet, best known as the .uk ccTLD registry operator, has spread its wings to North America, opening an office in Washington D.C. But the new office isn’t to sell its registry services, but to sell their security services.

Announcing their office opening, Nominet tout themselves as a “security specialist enabling threat monitoring and detection, prevention and analytics at the DNS level, today made its official launch into the North American market.”

This security service “supports organisations wanting deeper visibility and the ability to pinpoint threats through massive data noise, and stop them instantly. The new capabilities are differentiated from competitive offerings that don’t operate at the DNS level, with deep inspection technology uniquely suited to identify and block threats such as targeted malware, ransomware, phishing, Zero Days, APTs, and data exfiltration attempts.”

Nominet has been diversifying in recent years. From its origins as the .uk country code top level domain registry, it’s now using that expertise to provide registry services to the .wales and .cymru new generic top level domains, which together have 20,260 registrations, as well as backend registry services for another 34 new gTLDs making them the fifth largest by domains under management with 1.873 million domain names and eighth largest by new gTLDs with 36. And now Nominet is using its expertise on the security front, providing security services to companies that want them. They’re one of a number of TLD registries diversifying and providing their expertise to both other registries and other sectors. Some examples are DENIC, SIDN, nic.at and CIRA.

“We feel like a new company despite a 22-year history in infrastructure security, and we’re excited to enter the North American market with a distinctive and proven set of skills and offerings,” said Russell Haworth, CEO of Nominet. “We’re proud of our expertise and experience in critical infrastructure—in 2017 alone, Nominet analysed over 3TB of data across the U.K. public sector and blocked 2.5 million malicious requests—and we look forward to working with U.S. organisations to enhance their security strategies and implementations.”

In announcing their new office, Nominet promote their new security service, Nominet NTX, by saying:

Whilst enterprises typically have numerous security layers, Nominet operates at a vital nexus: All networks rely on DNS traffic, which makes it a critical source of information for specific threats to the network. This area often gets overlooked in the security stack. Meanwhile, leveraging its long experience analysing data for threats, Nominet’s security researchers can identify malicious domains even before they register on standard threat feeds.

There is certainly broad-scale awareness of this critical issue: In a new study conducted by Nominet in partnership with Osterman Research, CISOs at over 30 large enterprises, a full 97% of respondents, say they see the value in monitoring, threat detection, attack blocking and analytics at the DNS level to enhance security; the few others didn’t know or were unsure. The fact is, many large organisations are, or believe they are, monitoring at that level already, yet the reality is less definitive: Even enterprises with significant resources dedicated to security may lack the technologies needed to analyse billions of DNS data packets in real time, as optimal to identify today’s threats.

Nominet Suspends 33,000 .UK Domains Following Law Enforcement Notifications

Almost 33,000 .uk domain names were suspended in the 12 months to the end of October 2018 following notification from the police or other law enforcement agencies that the domain name was being used for criminal activity. Continue reading Nominet Suspends 33,000 .UK Domains Following Law Enforcement Notifications

Nominet Donating Minimum of £200k To BBC’s Children in Need

Nominet, best known for managing .uk, is donating £1 for every new .uk domain name registered to BBC Children in Need until Monday 19th November. With a minimum commitment of £200k from new domain registrations, funds raised will go towards projects that use digital or new technology to support disadvantaged children and young people across the UK.

Money raised through new domain registrations, including those ending in .co.uk, .uk, me.uk and org.uk, will go on to support projects using digital to produce strong outcomes for children and young people. For example, clubs which provide technology sessions for children and young people affected by poverty and social exclusion, with the aim of helping them develop and gain new digital skills, whilst learning about new software technology, coding, robotics and digital arts.

“We’re focused on delivering public benefit initiatives that support a vibrant digital future, so it makes perfect sense for us to partner with BBC Children in Need to fund projects that engage and develop the skills of children and young people who might otherwise be excluded from the opportunity that new advancements in tech, digital skills and online inclusion can provide,” said Russell Haworth, CEO, Nominet. “We need to stamp out the growing digital divide, so the more young people who are able to make the most of being online and derive benefits from tech, the better. We hope our donation from domain registrations will go some way to help enable this.”

“It’s great that the funding raised by Nominet will support projects which utilise technology to support disadvantaged children and young people,” said Simon Antrobus, Chief Executive at BBC Children in Need. “We are excited about the benefits this funding will bring and are delighted to have Nominet on board as new partner for 2018.”

BBC Children in Need is currently supporting over 2,700 projects in communities across the UK that are helping children and young people facing a range of disadvantages such as living in poverty, being disabled or ill, or experiencing distress, neglect or trauma. Further information on BBC Children in Need can be found at bbc.co.uk/Pudsey.

With the proceeds of its successful registry business and cyber security services, Nominet has donated over £45m to tech for good initiatives helping over 10 million people. Its aim is to achieve lasting social impact focusing on enabling positive change on a range of emerging issues born out of our digital age such as online safety and digital inclusion, to existing social challenges where technology can play a pivotal role, and is committed to improving the lives of one million people a year. Find out more about Nominet public benefit initiatives here – https://www.nominet.uk/about/public-benefit/

Under this initiative Nominet will donate £1 to Children in Need for each new, paid for domain registration for the country code top level domain (ccTLD) ending in .co.uk, .uk, .org.uk, .me.uk, .ltd.uk, .plc.uk and .net.uk.

CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

Registering domain names in a country code top level domain often has benefits to that country’s local internet community. In the case of Canada’s ccTLD, Byron Holland, President and CEO of CIRA who manages .ca, recently explained how in a post on the company blog. Continue reading CIRA Explains Why Registering ccTLD Domains Benefits the Local Internet Community

.BR Hits 4 Million Domain Name Registrations

Brazil’s ccTLD manager, NIC.br, announced [Portuguese only] Monday they’ve reached the 4 million registrations mark after ‘more than 25 years of flawless operation’.

There are over 120 second level domains under which .br domain names can be registered from blog.br and wiki.br for individuals to eng.br and adv.br for liberal professionals, tv.br and tur.br for legal persons, rio.br, sampa.br and curitiba.br for cities those reserved for specific purposes such as gov.br, jus.br, b.br and org.br among others. Some of these have as few as 10 registrations, while the largest, com.br has 3,645,125 accounting for 91.2% of all registrations.

According to the latest Verisign Domain Name Industry Brief, .br is the seventh largest country code top level domain (ccTLD). Verisign already had .br at 4 million domain name registrations at the end of 30 June, probably through rounding, up in this case, to the nearest hundred thousand. China’s ccTLD was the largest with 22.7 million followed by Tokelau’s free .tk (21.5m), Germany’s .de (16.3m), the United Kingdom’s .uk (12.0m), Russia’s .ru (5.9m), the Netherlands’ .nl (5.8m). Following .br is the European Union’s .eu (3.8m), France’s .fr (3.2m) and rounding out the top 10 is Italy’s .it (3.1m).

Revenues from .br registrations allow NIC.br to, in addition to providing and maintaining the infrastructure behind .br, invest in a series of actions and projects that generate benefits and improvements to the internet infrastructure in Brazil. These include the operation of internet traffic exchange points, which promote the interconnection of networks that form the Internet in Brazil, reducing distances and costs; the handling security incidents and tracking internet statistics.

Nic.br notes that other advantages of registering .br domain names include additional security features, such as token and encryption, that strengthen both the accounts of Registro.br users, and their respective domains. There is another recent feature: a redirection feature that lets you point a .br domain to any URL, whether it’s on a website or the preferred channel on social networks, keeping identities and active tags on the Internet permanently. Servers distributed by Brazil and other regions of the world guarantee speed and reliability in the resolution of .br and a team exclusively dedicated to meet and assist users in their doubts complete the description.

Complaints Made About 0.0065% Of .UK Domain Names in 2017

A total of 712 complaints relating to 783 domains, representing just 0.0065% of the domain names on the .uk register, were made in 2017 according to Nominet’s annual summary of domain name disputes brought before its Dispute Resolution Service (DRS).

Over half of the complaints (55%) in 2017 in the .uk country code top level domain (ccTLD) resulted in a domain transfer. By comparison, there were 703 complaints in 2016, 53% of which resulted in a domain transfer.

The year also saw an increase to 15% in the number of disputes resolved with the domain name being voluntarily transferred to the Complainant by the Respondent upon receipt of the complaint. In 2016, 10% of complaints were resolved in this way.

“Thanks to the efficient DRS processes in place and the many Experts who generously offer their time and expertise, we can see in the numbers that the DRS is continuing to prove a useful tool for .UK customers,” said Russell Haworth, Nominet’s Chief Executive. “A steady increase in the number of .uk second level domain names being disputed year on year – almost doubling since 2015 – also reflects how the shorter domain is increasing in popularity and importance for individuals and businesses.”

Brands such as Jaguar Land Rover, Clydesdale Bank Plc, Virgin Enterprises Limited, Moncler S.p.A., “Dr. Martens” International Trading GmbH and the Sony Corporation used the DRS in 2017.

Other users of the service included St Neots Town Council, the fashion designer Philipp Plein, The Commissioners For HM Revenue And Customs, The Secretary Of State For Health and Puddy Cats Cattery in Maplethorpe.

“The increase in disputes relating to .uk second level domains is an interesting point. The Right of Registration that some .co.uk Registrants hold over the corresponding .uk domain name comes to an end on 10 June 2019,” said Nick Wenban-Smith, General Counsel at Nominet. “In the next two years this could lead to a further increase in the number of .uk domain names being subject to disputes as more and more potentially desirable names are made available to be registered on a first-come first-served basis. To avoid such a dispute, it’s important for .co.uk owners to review their options and act sooner rather than later.”

In their announcement, Nominet highlighted the following cases resolved through what they describe as their award-winning Dispute Resolution Service (DRS):

  • guntree.org.uk

The Complainant, Gumtree.com Limited, is  a wholly owned subsidiary of eBay Inc. It operates an online classified advertisement website, and has registered the trade mark “GUMTREE”.  The Respondent argued that GUNTREE has been derived from the artistic concept of a tree made of guns or an artistic gun made from wood.  GUNTREE advertises weapons to a specific market and therefore, does not offer the same services as the Complainant.  The independent Expert agreed with the Complainant’s claim that there is an overlap between the two sites which is likely to confuse Internet users.  Domain transferred.

  • victoriasecretbeauty.co.uk

The Complainant was Victoria’s Secret, an American designer and manufacturer of women’s lingerie and beauty products. The Respondent was a beauty therapist, operating a salon in Mayfair, London.  The Respondent claimed not to have known about the Victoria’s Secret brand at the time when the Domain Name was registered. In the view of the Expert, “this is not a credible claim, particularly taking into account that the Respondent operates in field of beauty services”.  Domain Transferred.

  • cybfx.co.uk

The complaint was brought by Clydesdale Bank PLC (Clydesdale and Yorkshire Bank), after they found that the domain name had been registered by someone who was asking for almost £100,000 in return for transferring the registration. The Expert agreed with the Complainant: that on the balance of probabilities the Respondent noted the Complainant’s trade mark application and purposefully registered the domain name in order to then sell it specifically to the Complainant at a later date.  Domain Transferred.

  • dignity.co.uk

The Complainant was Dignity Funerals Ltd, and the Respondent was an individual who had previously entered into a coexistence agreement with the Complainant’s predecessors in title, providing financial and insurance services through his companies.  The Expert stated “it does not appear the Respondent is doing anything that is confusing Internet users”, and that “dignity.co.uk shall remain with the Respondent”.  The Complainant appealed against this decision, but a panel of three members of the DRS Experts’ Review Group dismissed the appeal, whilst upholding a finding of ‘Reverse Domain Name Hijacking’ – using the DRS in bad faith.

Nominet also highlighted the following additional statistics:

  • In 2017 there were three appeals. Two appeals upheld original No Action findings. In the third Appeal case, the Appeal Panel agreed to combined two cases together for a review and two domain names were returned to the original Registrant.
  • The most common industries were Automotive (9) Electronics and Fashion (8 respectively), Retail (7) and Banking & Finance (6)
  • The year saw cases bought by complainants from 29 different countries, led by the UK (553) followed by the US (42), Germany (27) and France (20). Respondents came from 34 different countries. Again, the UK leads with 598 respondents, with the US second (17) and China third with 15
  • The overall average length of time DRS cases take from being filed to being closed was 57 days
  • Mediated cases took an average of 56 days to resolve in 2017 compared with 47 days in 2016. Cases being resolved by a Summary Expert decision took the same time that they did in 2016 (62 days), whilst Full Decision cases took on average 4 days less.
  • The majority of cases (87.5%) involved .co.uk domains, 6% were .org.uk or .uk domains and 0.5% were .me.uk
  • Court costs avoided in 2017 were almost £7 million – assuming court and legal fee savings of £15k per complaint that progresses into formal dispute resolution

New gTLDs Plummet, .NET Slides, While .COM and ccTLDs Continue To Grow: Verisign DNIB

The growth in domain names was once upon a time not so many years ago on a sharp upward trajectory. But over the last couple of years that growth has slowed dramatically, with registrations growing 1.0% in the year to the end of the first quarter in 2018, or 3.2 million, to approximately 333.8 million domain name registrations across all top level domains, according to the latest Domain Name Industry Brief from Verisign for the first quarter of 2018. For the quarter, registrations grew approximately 1.4 million, or 0.4%, compared to the fourth quarter of 2017.

This growth compares to the year to the end of the first quarter of 2010 when domain name registrations grew by 11 million, or 6%, or the year to the end of the first quarter of 2017 when registrations grew 11.8 million, or 3.7%.

Total country-code top level domain (ccTLD) registrations were approximately 146.3 million at the end of the first quarter of 2018, with an increase of approximately 0.2 million domain name registrations, or 0.1%, compared to the fourth quarter of 2017. ccTLDs increased by approximately 3.2 million domain name registrations, or 2.2%, year over year. This is a noticeable improvement on 12 months ago when the growth was 1.7% year over year. In the year to the end of the first quarter 2010 growth was 3.2%.

The .com and .net TLDs had a combined total of approximately 148.3 million domain name registrations in the domain name base at the end of the first quarter of 2018, with an increase of approximately 1.9 million domain name registrations, or 1.3%, compared to the fourth quarter of 2017.

The .com and .net TLDs had a combined increase of approximately 4.6 million domain name registrations, or 3.2%, year over year. As of 31 March, the .com domain name base totalled approximately 133.9 million domain name registrations, up from 128.4 million 12 months ago, while the .net domain name base totalled approximately 14.4 , down from 15.2 million 12 months ago.

New .com and .net domain name registrations totalled approximately 9.6 million at the end of the first quarter of 2018, compared to 9.5 million domain name registrations for the first quarter of 2017.

Total new generic top level domain (new gTLD) domain name registrations were approximately 20.2 million at the end of the first quarter of 2018, with a decrease of 0.4 million domain name registrations, or 2.0%, compared to the fourth quarter of 2017. New gTLDs decreased by approximately 5.3 million domain name registrations, or 20.7%, year over year.

Among the top 10 TLDs, the first 7 are the same as one year ago – .com is the largest followed by .cn (China – 21.4 million), .tk (Tokelau – 19.9m), .de (Germany – 16.3m), .net (14.4m), .uk (United Kingdom – 12.0m) and .org (10.3m). In eighth place was .info (6.2m) followed by .ru (Russian Federation – 6.1m) and .nl (Netherlands – 5.8m). In 2017 places 8 to 10 consisted of .ru, .nl and .xyz.

In their report Verisign note that their figures include domain names in the .tk ccTLD. .tk is a free ccTLD that provides free domain names to individuals and businesses. Revenue is generated by monetising expired domain names. Domain names no longer in use by the registrant or expired are taken back by the registry and the residual traffic is sold to advertising networks. As such, there are no deleted .tk domain names.

This article can be read with images at:
http://www.domainpulse.com/2018/06/15/new-gtlds-plummet-net-slides-while-com-and-cctlds-continue-to-grow-verisign-dnib/

.IS, .NO and .UK Announce How They’ll Comply With the EU’s GDPR

The GDPR is coming and a number of ccTLD registries are giving registrars heart palpitations. It’s a month till the European Union’s General Data Protection Regulation comes into play and the Icelandic, Norwegian, Slovakian and United Kingdom ccTLD operators are only just announcing how they’ll deal with it.

For Iceland’s .is they will stop publishing names, addresses and telephone numbers of personal contacts by default from the ISNIC WHOIS database. For individuals who wish to continue to publish their information, they must log in, go to “My Settings” and select “Name and Address Published”.

ISNIC will however, at least for the time being, continue to publish email addresses, country and techincal information of all NIC-handles associated with .is domains. Those customers (individuals) who have recorded a personally identifiable email address, and do not want it published, will need to change their .is WHOIS email address to something impersonal. However the Icelandic country code top level domain isn’t happy with the new regulation. They note the GDPR “will neither lead to better privacy nor a safer network environment.”

For the sake of the internet community, e.g. Individual users, Service Providers, Hosting Companies, and many other stake holders, ISNIC will continue to publish email addresses and the country name of all contact types until further notice.

For NORID, the registry for Norway’s .no, they have made a few changes to their policies that come into effect on 5 May. NORID state they will “only collect data that we need, and that the domain holder shall be informed about which data is being processed by Norid. Starting on 5 May, we will collect less data about the holder than what we currently do.” Following consultation with the with the Norwegian Data Protection Authority, NORID will launch a new version of WHOIS on 22 May.

And Nominet, the .uk registry, has announced their changes. Following a consultation period that outlined their proposed changes that were published for comment between 1 March and 4 April, Nominet have announced that:

  • Registrant data will be redacted from the WHOIS from 22 May 2018, unless explicit consent has been given.
  • Law enforcement agencies will nonetheless be able to access all registry data via an enhanced Searchable WHOIS service available free of charge.
  • Other interested parties requiring unpublished information will be able to request access to this data via our data disclosure policy, operating to a 1 working day turnaround.
  • The registration policy for all .UK domains will be standardised – replacing the separate arrangements currently in operation for second and third-level domains.
  • The .UK Registrar Agreement will be updated, renamed the .UK Registry-Registrar Agreement, and will include a new data processing annex.
  • The existing Privacy Services framework will cease to apply.

“We have taken a conservative approach to publishing data, to ensure that we do not fall foul of the new legislation,” said Nominet COO Ellie Bradley. “While, as a result, we will be publishing less data on the WHOIS – we have comprehensive procedures already in place that ensure that we will continue to respond swiftly to requests for information to pursue legitimate interests.”

The proposals also outlined an approach to replacing the existing privacy services framework with recognition of a Proxy Service offered by registrars. In response to the feedback, Nominet has decoupled this proposal from the bulk of the GDPR-related changes and will consult further on this topic in June 2018.

Nominet Add To The Registrar Nightmare As They Finally Announce Proposed .UK Whois Changes For GDPR Compliance

On 1 March Nominet finally announced how they’re proposing to deal with the upcoming General Data Protection Regulation, with a consultation to run until 4 April and then Nominet will have to finalise their plans with the regulation to come into place on 25 May. The situation is a nightmare for registrars who have to plan and implement changes for all top level domains impacted by the GDPR.

As EPAG’s Managing Director Ashley La Bolle told Domain Pulse (the blog) following the Domain Pulse conference in Munich in late February:
“The domain industry has been really late to the game on GDPR implementation. It’s already March and we are just beginning to see real progress regarding contractual and technical changes for the GDPR. We expect to receive a lot of last-minute changes from registries in the next couple months. Although we’re not thrilled about having to make last-minute changes to system settings, we still prefer registries to make those changes before May so we can ensure compliance.”

In case you don’t know what is the GDPR, it’s data protection regulation intended harmonise data protection laws across the EU and replace existing national data protection rules. The introduction of clear, uniform data protection laws is intended to build legal certainty for businesses and enhance consumer trust in online services. The new regulation applies to businesses within the EU, or any business in the world that collects data on European citizens, such as when someone is registering a domain name. With any data that is collected, it is imperative that those collecting the data have clear and freely given consent from the individual. Huge fines apply for any organisation contravening the GDPR of up to €20 million or 4% of the company’s global annual turnover of the previous financial year.

For the changes Nominet is proposing for .uk, as with most ccTLD registries, they have allowed the domain name registrant information, also known as Whois, to be publicly available for their domain names. However in the new proposal all registrant information will be hidden. But Nominet’s concerns don’t just deal with .uk. They also manage .wales and .cymru, and Nominet, like all other generic top level domain registries have to wait until ICANN finalise how they will resolve the issue.

We have opened a comment period from today until 4 April on our .UK proposals to comply with GDPR legislation.

In summary, Nominet proposals are as follows:

  • From 25 May 2018, the .UK WHOIS will no longer display the registrant’s name or address, unless they have given permission to do so – all other data shown in the current .UK WHOIS will remain the same.
  • For registrants who wish for their data to be published in the WHOIS, we will provide appropriate mechanisms to allow them to give their explicit consent.
  • We will continue to work in the same way as now with UK law enforcement agencies seeking further information on specific domain names via our existing data release policy and via an enhanced version of our Searchable WHOIS service, available free of charge.  Those users will have automatic access to the names and addresses we hold.
  • Any third party seeking disclosure for legitimate interests can continue to request this information via our Data Release policy, free of charge.
  • The standard Searchable WHOIS will continue to be available, but will no longer include name and contact details to ensure GDPR compliance.  Those outside law enforcement requiring further data to enforce their rights will be able to request this through our existing Data Release policy.
  • The proposed new .UK Registry-Registrar Agreement (RRA) includes a new Data Processing Annex.  This sets out terms for how we would work with our registrars when processing registrants’ personal data during the registering, renewing, transferring or managing of .UK domain names to ensure GDPR compliance.
  • The Privacy Services Framework will be replaced with recognition of a Proxy Service, within a new .UK RRA to allow registrars to offer proxy services to registrants who do not wish to have their details passed to Nominet.
  • Additionally, we propose changing the rules for the data we collect for domain names that end in second-level .uk domain registrations, such as example.uk. We will no longer require a UK ‘address for service’ bringing this into line with third-level .UK domains such as example.co.uk, example.org.uk and so on.

Further details including links to all redline copies of the relevant documentation are available here. You can find just the redline versions here. 

A webinar for Nominet members to hear more about our proposals will take place on Wednesday, 7 March from 2.00-3.00pm GMT.

These changes cover the .UK namespace. Pending outcome of ICANN discussions, and feedback from this comment period, Nominet will set out our proposed approach for GDPR compliance for .cymru and .wales domains.