Month: June 2013

ICANN Board Responds to GAC Advice

Posted on by jbourne

The ICANN Board has handed down its most recent response to the advice provided by the Governmental Advisory Committee (GAC) on the New gTLD Program. Here’s a run down of what the ICANN Board decided:

Safeguards Applicable to All Applications

The GAC recommended that the following safeguards should apply to all gTLDs and be subject to contractual oversight:

  • Whois verification and checks
  • Mitigating abusive activity
  • Security checks
  • Documentation
  • Making and handling complaints
  • Consequences 

What the Board said:

Let’s make security a bigger part of the contract.

The Board has directed ICANN staff to modify the Registry Agreement specifically to make sure that registries require their registrars to prohibit illegal activities in the second-level domains they sell – activities such as distributing malware, phishing, trademark or copyright infringement, and other activities contrary to applicable law.

The registry operator will also be required to assess periodically whether domains in the TLD are being used to perpetrate security threats. Registry operators will be required to collect this data, generate reports, and provide them to ICANN upon request.

 

Singular and Plural Strings

The GAC recommended that ICANN reconsider its decision not to place singular and plural versions of the same term into contention sets.

What the Board said:

We’re going to carry on as planned.

The Board determined that no changes are needed to prevent user confusion, so applications for singular and plural version of extensions (think .NEW and .NEWS) will be allowed to move forward and to coexist if approved.

Therefore, no additional contention sets will be created as a result of GAC Advice.

 

Consumer Protection, Sensitive Strings, and Regulated Markets

The GAC recommended that strings linked to regulated or professional sectors should operate in a way that is consistent with applicable laws.

What the Board said:

Hold that thought.

No resolution has been passed addressing the Category 1 Safeguard Advice relating to consumer protection, sensitive strings, and strings linked to regulated markets. The Board will discuss this item at its July 2 meeting.

 

Restricted Registration Policies

The GAC recommended that, for strings representing a generic term, exclusive registry access should serve a public interest goal.

What the Board said:

If you’re going to let other people register in your generic gTLD, you can continue on the path through evaluation and launch without delay. For gTLD applicants who plan to keep their .EXTENSION for their own use (“closed” generic gTLD applicants), we need to consider this further before you can move on.

The Board adopted the proposed Public Interest Commitment (PIC) Specification (for Category 2 Safeguard Advice) for applicants not seeking to impose exclusive registry access. This will allow applicants for open access gTLD applications to proceed to contracting.

The Board advised ICANN staff to defer contracting with applicants seeking to restrict registry access for generic strings for their own use or for use by qualified affiliates.

The term “generic string” is defined in the proposed PIC Specification to mean “a string consisting of a word or term that denominates or describes a general class of goods, services, groups, organizations, or things, as opposed to distinguishing a specific brand of goods, services, groups, organizations or things from those of others.”

 

Next week, we will analyze the implications of these rulings.

Online Banking – new gTLDs could help reduce impact of phishing attacks and lead to greater consumer trust online

Posted on by jbourne

 

When the new gTLDs roll out, banking online will take a step toward better security.      Approximately 20 banks applied for their own .BRAND, including  Citigroup (.CITI),    Bank of America (.BOFA), HSBC (.HSBC), and The State Bank of India (.STATEBANK).    Other banks, including smaller regional banks, will have the opportunity to register in  the  generic TLD .BANK.

 

Those banks will be ahead of the game, particularly since the Wall Street Journal has  reported that that phishing was related to $2.5 billion in financial-industry losses in  2011.

 

 

https://gtldresult.icann.org/application-result/applicationstatus/viewstatus

fTLD Registry Services, LLC  (FRS) and Dotsecure, Inc. applied for .BANK. As fTLD explains in the public portion of its application, it is applying for the new gTLD “on behalf of the global banking community to ensure that the .bank gTLD will serve as a trusted, hierarchical, and intuitive namespace for this community, the businesses that are either supported by or represent the community and the consumers it serves.” Dotsecure, on the other hand, did not submit a community-based application for .BANK.  “The mission⁄purpose for .bank is to be the Global Banking TLD. Keeping this in mind, .bank will look to contribute to the Internet Namespace in several ways” and then proceeds to list Enhance Trust, Searchability and Recognition, Registrant Choice, Create a Cleaner Internet Space and Create a Stable and Resilient Internet.  Where fTLD focused on the community aspect of its application, Dotsecure focuses on the technical aspects of running a gTLD.

In its application, FRS (which was formed by the American Bankers Association (ABA) and Financial Services Roundtable), explains that registrants – those applying for websites or domain names within the .BANK TLD – will be vetted to ensure that the prospective registrant is, in fact, a recognized bank and financial services company.  Dotsecure also discusses the problem of banking online, “Within the current gTLD and ccTLD environment, there are constant attempts of fraudulent representation of banking institutions on the Internet. Fraudulent “Nigerian Bank emails” or “Chinese Funds Transfer emails” have occurred so often they have become common spam. Using the new gTLD program, it is possible to build a unique and trusted Internet space for banking institutions. In this gTLD, all registrations will be fully restricted to only certified banking institutions. The banking organization’s identity and accreditation will have been verified prior to allowing live web services of name resolution. The .bank new gTLD will be a more trustworthy system.”

FRS references recent reports by RSA and the Anti-Phishing Working Group (APWG) on phishing attacks, explaining that a secure and trustworthy TLD would reduce the incidents of phishing and phishing emails, which can contain harmful and dangerous malware.  As Josh Bourne of FairWinds Partners explains, “If bad-actors are not allowed to register in .BANK, then consumers can and will trust .BANK sites and emails that lead to .BANK sites. Those who try to scam consumers using official-looking emails from websites not ending in .BANK will be less likely to trick Internet users who know that their bank or financial services company only uses a .BANK website, for example.”

Customers of banks who applied for their .BRAND – like .BOFA – are likely to  benefit from knowing that any correspondence claiming to be from the bank but not generated by .BOFA is fraudulent (or highly likely to be fraudulent).  Hopefully, by establishing these secure, online territories for banks, the amount of financial industry-related phishing will be reduced for consumers worldwide.

Nordstrom’s Big Sale – (And Who’s Taking Advantage of It)

Posted on by jbourne

I woke-up on one morning a week or so ago, turned on my computer, started the coffee, and returned to my desk.  I noticed an ad for Nordstrom’s half-yearly sale while reading some emails. The coffee maker beeped, I went to the kitchen and poured a cup.  Still half-asleep, I returned to my computer and decided it was time to look at bathing suits and why not at Nordstrom? So I typed Nordstrom.com into my browser – only, it came out ‘nodstrom.com’. I expected to be redirected to the department store’s site but instead I was taken to a generic website asking me to take a survey.

My innocent web journey had been hijacked by a TYPOSQUATTER trying to separate me from my personal information with the possibility of a prize.

Once I got to work, I decided to recreate the typosquatting redirect on different browsers. Chrome and Safari redirected to http://super-savings.yamahaonlinestore.com/home.html?

Firefox redirected to http://global promotions.internationalredirects.com/home.html

For all three browsers, once I was redirected, I hit the ‘about us’ button. This is what I learned about the “us”, unidentified except for the name in the address bar supersavings.yamahaonlinestore:

“We are an online marketing company. We collect information about you when you visit and/or submit certain personal information through our website. This personal information may include, but is not limited to your:

  • e-mail address;
  • full name;
  • mailing address;
  • telephone number;
  • date of birth;
  • gender;
  • IP address;
  • payment information;
  • information about your background, interests, health, education, career goals, and shopping preferences; and

any other information which you provide to us through our website.”

That’s a lot of personal information – I mean, I guess you might win an ipad, right?

I decided to dig a little more – removing the ‘supersavings’ from supersavings.yamahaonlinestore to find out about the company “yamahaonlinestore”.

And I got what appears to be a cybersquatted website held by someone trying to capitalize off of legitimate Yamaha companies.   Using Domain Tools, I was able to determine the registrant was probably a domainer since he/she owns over 400 other sites but also that the registration information for nodstrom.com is private.

This “private” registrant is redirecting Nodstrom.com to supersavings.yamahaonline and collecting information from anyone who, like me, didn’t have enough coffee before trying to get to Nordstrom to buy a swimsuit on sale.

“This is a great example of how, through multiple redirects, typosquatters and cybersquatters take advantage of brands – in this case, Nordstrom and Yamaha – to make money,” explains Josh Bourne, one of the two partners of FairWinds Partners. “Unfortunately, they’re making money by using a legitimate brand’s name to attract pay-per-clicks and data mining – which hurts the brand’s credibility and draws customers away from the legitimate sites. A strong domain portfolio evaluation, including reclaiming cybersquatted sites and redirecting those high-value sites to the websites of the brand, can result in an increase of traffic and therefore revenue for many companies that don’t even realize traffic is being siphoned away.”

I asked a FairWinds consultant to run some traffic for me. Nodstrom.com gets an average of 1165 pairs of eyeballs per month (over the last 12 months). In the most recent month, however, it got 1409 – perhaps because of the sale I was hoping to hit up. Sale or no, the siphoning of traffic – and with it, revenue – stands to get worse when more cyberspace opens up thanks to the new gTLD program.  Cybersquatters and typosquatters could end up redirecting hundreds if not thousands of domain names in new top level domains (which could include, for example, .SHOP).  In the meantime, to avoid reaching a cybersquatted website and being annoyingly re-directed, I recommend having plenty of coffee when signing-on in the morning.

Missed Opportunities

Posted on by slevy

In a recent UDRP complaint, CVS Pharmacy, Inc. (CVS) was able to successfully recover the domain name cvsonlinepharmacystore.com. The complaint itself, filed with the World Intellectual Property Organization (WIPO) was rather straightforward. The Respondent did not even bother submitting a response and CVS was easily able to meet all three requirements – the domain name is identical or confusingly similar to a trademark or service mark in which it has rights, the respondent has no rights or legitimate interests in the domain name, and the domain name was registered and used in bad faith.

While the complaint itself may have been unremarkable, it’s highlighted as a very smart move by CVS.  The domain name, although a bit on the longer side, receives a tremendous amount of traffic. According to FairWinds’ calculations, cvsonlinepharmacystore.com receives approximately 707,099 visitors per year. These lost visitors were all missed opportunities for CVS. Now that it owns the domain name, it will be able to redirect that traffic back to its primary websites and hopefully gain some new customers and make some new sales in the process.

The lessons for brands in this case is that one domain name can make a big difference and it is important for brands to constantly be thinking about their domain name portfolios. CVS made a great choice in this case and demonstrates the best use of the UDRP by targeting a valuable domain name and building a strong and thoughtful case.

A Victoria’s Secret Angel Earns Her Wings

Posted on by slevy

One of the lessons that we at FairWinds have seen people learn over and over again is that just because you might be one of the rich and famous, it doesn’t necessarily entitle you to your name as a domain name if someone else has scooped it before you. See our blog post on former U.S. Congressman Ron Paul’s UDRP complaint from May as an example.

Given the right set of circumstances, though, some celebrities can prevail as evidenced by supermodel Miranda Kerr’s recent UDRP success in recovering the domain names kerr-miranda.com, mirandakerr.com, mirandakerrconnection.com, and mirandakerrweb.com.

Her complaint was filed with the World Intellectual Property Organization (WIPO) against someone calling themselves orangesarecool.com (the Respondent).

This proved to be an interesting case. The Respondent put up a tough fight when pressed to concede the domain names, pulling out almost every trick in the book in making her case. Among her many arguments, she stated that she has rights and legitimate interests in the domain names because of their use as legitimate fan sites, that the complaint should be barred on the basis of laches given that Ms. Kerr waited eight years to file, the purpose of the ads on the sites is purely to offset maintenance and server costs, and even that the supermodel is her favorite celebrity.

While the Respondent’s complaints may have been compelling, they did not stand up before the WIPO Panel. One of Ms. Kerr’s strongest advantages, that distinguishes her case from that of other famous figures, is that she uses her name for commercial purposes as a model and has thus developed trademark rights to the name. “She does not fall into the category of a person with a famous name who does not actually use her name in connection with the business she is engaged in.”

With regard to the laches defense, the Panel states in its decision that this should not generally apply in UDRP cases. Furthermore, the Panel clarifies that the relevant date for consideration is not the date of first registration of the domain names, rather the date the domain names were acquired by the Respondent, which shortens the length of time from eight years to three and weakens her argument.

In considering whether the domain names were being used for legitimate fan sites, the Panel pointed out that prior to the Complaint, the websites were generating revenue from Pay-Per-Click and banner advertising, eliminating the Respondent’s case that she was making legitimate noncommercial or fair use of the domain names.

While this definitely wasn’t a cut and dried case, it is an excellent example of how a celebrity was able to use the UDRP to successfully recover domain names associated with her name. It will also be a huge asset to the Australian beauty as she continues to establish herself as a world famous model and fashion icon and builds an empire around her name and image.

The View from Basecamp

Posted on by jbourne

Image

Fadi Chehadé, CEO of the Internet Corporation of Assigned Names and Numbers (ICANN), compares ICANN’s reorganization efforts to a climber at basecamp: ICANN has climbed a pretty major hill, is now taking a breather, but has a ways to go towards its peak of better professional and operational management.

That “breather” of course is hardly a breather since ICANN continues its gTLD policy work. At a U.S. Chamber of Commerce meeting on June 13, Mr. Chehadé touched on several upcoming milestones of the New gTLD Program:

  • The New gTLD Program Committee (NGCP) will wrap up its work on the GAC Communiqué by ICANN’s 47th Public Meeting in Durban, South Africa
  • The first new gTLD recommended for delegation (at which point it will be sent to the team at the Internet Assigned Numbers Authority (IANA) for technical preparation) will likely come in late September or early October

Mr. Chehadé expressed optimism about the reorganization of ICANN (the organization has been “decalcified,” he said) and New gTLD Program  (it’s taking “carefully agile” steps forward). He emphasized ICANN’s attempts to “change its DNA” by becoming truly international and spoke of his internationalizing efforts as taking the Los Angeles headquarters “and spreading it like butter” in Istanbul and Singapore – meaning those  cities will not be home to mere engagement centers but will be home to offices that duplicate the systems in the Los Angeles office.  Cheadé said he would split his year evenly between Los Angeles, Istanbul, and Singapore, and he hopes each new ICANN office will have 50-60 individuals on staff.

And what of the climbing ahead?  One hill to climb will be clarifying the distinction between policy matters and implementation matters to help frame future discussions of Internet governance. The ICANN community will have to work to define that distinction, Mr. Chehadé said. Fortunately, he believes the community environment is more cooperative than the combative one he encountered when he joined ICANN as CEO.

Update: NGPC Accepts Nine Items of GAC Advice on New gTLDs

Posted on by jbourne

ICANN’s New gTLD Program Committee (NGPC) is slowly working its way through the Governmental Advisory Committee’s (GAC) advice from Beijing, which made a number of recommendations about implementing the new gTLD program.

The NGPC met on June 4, 2013 and adopted a resolution accepting nine items, the first of the NGPC’s decisions on how to address the GAC’s Advice.

Among the items of GAC Advice that the NGPC accepted, are:

  • The GAC’s concern that religious terms are sensitive issues and that the applications for .ISLAM and .HALAL lack community involvement and support.
  • The GAC’s belief that singular and plural versions of gTLDs could lead to potential consumer confusion and the Board should reconsider its decision to allow both.

As part of the resolution, the NGPC also adopted a scorecard, which does the following:

1) lists the nine items of non-Safeguard Advice addressed by the NGPC;

2) indicates that the NGPC accepts each of those items of advice;

3) describes how ICANN will implement the advice.

The NGPC addressed three additional issues, including an applicant’s ability to change it’s applied-for string, protections for intergovernmental organizations, and public interest commitments.

Despite its progress, the NGPC has plenty of work still left on the GAC’s Advice. The approved resolution, for example, does not address the GAC’s recommended safeguards. The NGPC has scheduled three more meetings for June 11, 18, and 25 to address the safeguards and other remaining issues.

Stay tuned for more updates!

The Next Big .THING

Posted on by jbourne

As the final stages of ICANN’s New gTLD Program evaluation period approaches, everyone should be preparing themselves for the fact that the Internet is about to change in dramatic ways.

Anyone who uses the Internet will be affected by a tsunami of new generic top-level domains (gTLDs) – the space to the right of the dot – perhaps as many as 1,400 within the next two years. This will mark one of the biggest changes to the Internet since it came into common use.

To gauge the impact of this change on consumers in particular, FairWinds is conducting a series of market research surveys on awareness of and attitudes toward new gTLDs.

The second in this series of surveys was released today and can be downloaded here. A third survey will be released in the coming months as new gTLDs begin to roll out. The first of this series was released in December 2012 and can be downloaded here.

FairWinds’ second survey found that consumers:

  • Are open to using new gTLDs to navigate the Internet
  • Are willing to trust new gTLDs
  • Prefer .BRANDs to .GENERICs
  • Prefer direct navigation over search engine navigation
  • Expect companies to be technically prepared for new gTLDs

These findings underscore the fact that Internet users are untethered to the past, are open minded, and are receptive to new ways of doing things. FairWinds also discovered that Internet users prefer taking control of their Internet experiences and pay attention to what they type into the browser bar.

Brand owners – whether they applied for a new gTLD or not – can draw valuable lessons from FairWinds’ research. Internet users indicated they expect to see their favorite brands adopt and use new gTLDs and that poor online user experiences will lead to lost revenue and lost marketing opportunities for brand owners.

The better brand owners understand consumer behavior, the better prepared they will be to optimize use of their new gTLDs and remain competitive in the new Internet space.

The Test of Time

Posted on by jbourne

For those still unsure about whether to plan for new generic top-level domains (gTLDs), consider where the world was when the Internet was just starting out as a commercial space.

In 1995, Wired published an article by Newsday reporter Joshua Quittner, who wanted to know why there was no mcdonalds.com on the Internet:

“Are you finding that the Internet is a big thing?” asked Jane Hulbert, a helpful McDonald’s media-relations person, with whom I spoke a short while ago.

Yes, I told her. In some quarters, the Internet is a very big thing.

I explained a little bit about what the Big Thing is, and how it works, and about the Net Name Gold Rush that’s going on. I told her how important domain names are on the Internet… 

Sound familiar?

Mr. Quittner ended up registering mcdonalds.com himself after McDonald’s didn’t seem to know what to do about the available domain.

“I don’t have anything for you, and I probably won’t have anything for you,” she confessed. “I’ve left a lot of voicemail for people, but no one seems to know anything about it.” Jane Hulbert said she’d keep checking around, but she didn’t seem hopeful that we could get to the bottom of this domain-name thing. “You’ll probably just have to do your story without it,” she said. “It probably won’t be the end of the world.”

McDonald’s eventually bought the domain name back from Mr. Quittner, who donated the proceeds to charity.

Fast-forward almost 20 years, and McDonald’s is ready for the next Big Thing, with an application in for a new top level domain – .MCDONALDS.

Every once in a while, truly major changes disrupt the status quo in communications, advertising, and trademark protection, altering the way we look at business models. There will always be early adopters and there will always be stragglers. Don’t be a straggler as the Internet landscape shifts again to include new gTLDs – the space to the right of the dot.

Even if your company did not apply for its own .BRAND (each application cost $185,000, after all), it can still be an early player by formulating a strategy that allows the company to adapt as the new Internet landscape begins to take a more defined shape. Applicants and non-applicants alike need to look at which second-level domains (to the left of the dot) to register in generic gTLDs. Don’t assume that you can ignore extensions such as .NYC and .MUSIC – they may be hot real estate down the line. They may turn into your version of mcdonalds.com.

In the 1990s, people were asking “what is the Internet, anyway?”, and now, the Internet is taking another major leap by expanding its real estate.  Hopefully, we’ve learned a few things about emerging communications platforms in the last two decades that will spur business to better prepared for the .FUTURE.

For Love of Bacon

Posted on by jbourne

With Father’s Day fast approaching, Oscar Mayer is encouraging moms, kids, and other loved ones to tell the dad in their lives just how special he is…with bacon. Finally, an answer to the images of velvet-boxed cuff links – the velvet-boxed packages of bacon that promise to deliver quality on the Four C’s. No, not cut, clarity, color, and carat; this time it’s about, cut, color, cure and consistency.

There are three options for gift packages between $22 and $28. In addition to the velvet box of bacon, The Woodsman also comes with a multi-tool; The Matador, comes with bacon-shaped cuff links; and The Commander comes with a money-clip with a bacon insignia. You can only get the gifts on SayItWithBacon.com – the perfect domain name for the clever campaign. A great example of how a great ad campaign and digital real estate go hand in hand.

The gifts of bacon would work for your beloved – guy or girl – for any special occasion, but you must make the purchase before July 1.

I’m just upset that this didn’t come out a week earlier.  I would have gotten one for my husband for our anniversary! His love of bacon even made it into his best man’s wedding toast, so the gift would have been a nice callback. At least I can still send him a note with an illustration of his favorite treat: SayItWithBacon.com also gives you six (free) options of e-cards to send.