Category

Domains

Domain typosquatting: Online trademark protection from typos

By | Domains

A recently published report contains the following alarming statistic: In 2018, browsers “inadvertently” visited .cm websites such as itunes.cm or espn.cm on 12 million occasions, thereby reaching the sites of clever scammers. In 2016, Netflix and Citibank were among those affected. They had fallen prey to .om typosquatters. The accidental omission of the letter “c” led a large number of users to websites that attempted to install harmful malware.

In this article, we explain just how dangerous a technically harmless typo can turn out to be. We also provide an overview of the legal context, and appropriate strategies for trademark protection on the Internet.

1.    What is typosquatting?

In simple terms, typosquatting is the registering of typing-error domains. Scammers deliberately register domains that are very similar to well-known web addresses, differing only by a typo, misspelling, or wrong domain ending. In the above example, the web address itunes.cm was registered by a typosquatter, and anyone who omitted the “o” in the domain extension when typing the domain name in their browser ended up on the wrong website without realising. This tiny mistake directed a lot of traffic to the scammer, who exploited it for illegal ends.

2.    How does typosquatting work?

Typosquatting, which is also known as “URL hijacking” or “brandjacking”, is made possible by typos or misspellings in a domain name. If a user makes a mistake while typing a domain name, but fails to notice it, they accidentally end up on the wrong website. The owner of the domain then receives the traffic that was in fact intended for the trademark owner of the well-known domain.

The first case of typosquatting to come to international attention was in 2006. On that occasion, the typosquatters had their sights on google.com. Examples of typosquatting domains include URLs such as foogle.com, hoogle.com, and voogle.com. Since the letters F, H and V are immediately next to G on a keyboard, the typo is easy to make and the typosquatter (i.e. the owner of the fraudulent domain) automatically receives visits from web users trying to access google.com.

3.    What forms of typosquatting are there?

Below, we present some different forms of typosquatting, and illustrate them with examples. Please note that the examples are entirely fictitious! In fact, large companies such as Apple and Google have, of course, long since taken up the fight against typosquatters and have registered domain names containing typical typos and misspellings themselves, or have had them blocked by a special ICANN service.

  • Typos
    If you’re in a hurry to surf the World Wide Web, you’ll know how easy it is to make a classic typo. This is particularly true for people who touch type, or who rely on auto-correct. Well-known web addresses such as www.apple.com, for example, can easily turn into www. aple.com or www. appöe.com.
  • Misspellings
    Sloppy spelling is not always to blame when a user ends up on the wrong website. Many web addresses are misspelled out of pure ignorance. Not everyone in fact knows that Apple is written with “LE” at the end. People very often write as they speak, thus the web address might easily be written www.appel.com. Other examples include www.salando.com instead of www.zalando.com, or www.addidas.com instead of www.adidas.com.
  • Wrong domain extensions
    In recent years, more and more new top-level domains have been added. The next round is due in 2019. This, too, increases the likelihood of this form of typosquatting. Scammers are looking specifically for well-known brand domains in combination with unused extensions. Let’s use www.apple.com again as an example. Typosquatting here might make use of www.apple.online or www.apple.live, although the most common is www.apple.co. Combining the brand name with the top-level domain for Colombia, .co, drew in numerous Internet users who had forgotten to include the last letter in the most frequent TLD, .com.
  • Alternative spellings
    Users may also be misled by alternative spellings of services, brand names or product names, such as www.photografie.com instead of www.fotografie.com, or www.phantasie.com instead of www.fantasie.com.
  • Hyphenated domains
    This involves either omitting or adding a hyphen in order to illegally direct traffic to your own typo-domain. One prominent example was the website of the German chancellor, www.angela-merkel.de, during the 2013 election campaign. For a brief period, visitors reached the website of campaign opponent SPD by entering www.angelamerkel.de (omitting the hyphen).
  • Supplementing well-known brand domains
    If common brand domains are supplemented by appropriate words, a legitimate-sounding web address is quickly created. Let’s stick with the example of Apple. It results in websites such as www.apple-onlineshop.com, which may sound correct, but which has nothing to do with the brand owner and is used to spread advertising or malware.
  • Prepending with www
    Something that is in fact typosquatting, albeit in a very original form, is when three Ws are prepended before the actual domain name. Since it is not in fact necessary to enter www. in the browser line, you will end up on the wrong homepage if you type wwwapple.com. That small, forgotten dot can cause a great deal of damage.

4. What are the dangers of typosquatting?

What is it that makes typosquatting so harmful? There’s a simple answer: No one registers a domain with the above typos and misspellings just for fun. Typosquatters usually have criminal intentions and are trying to profit from typosquatting domains. In the 2006 Google typosquatting case mentioned above, for example, the scammers sent malware downloads to unsuspecting visitors.

Typosquatting is dangerous not only for users, but also for brand owners. The latter suffer by losing valuable traffic to typo-domains, and thus missing out on revenue. Nor can damage to their reputation be ruled out.

Below are some of the possible motives for typosquatting:

  • Phishing
    The aim of this kind of typosquatting website is to steal data. Email addresses can be obtained, for example, which can be sold for a lot of money. Phishing websites may feature surveys, prize draws or gift campaigns. Broadly speaking, phishing covers the collection of personal data, and the related identity theft. Fraudsters specifically target sensitive user data such as credit card numbers. This enables them to completely drain an account without being noticed. In order to access this sensitive user data, a perfect 1:1 replica of the original website is often created.
  • Domain parking
    In this case, typosquatters exploit brand owners’ desperation. They register typosquatting domains, then attempt to sell them to brand owners at completely inflated prices.
  • Product counterfeiting
    The aim here is to imitate a brand owner’s actual website as faithfully as possible, and then to successfully market counterfeit products.
  • Tapping traffic
    Typo-domains are a quick and easy way for an unknown company to attract traffic. The typo-website markets the company’s own products, and advertises apparently good promotional offers.

5. What is the difference between cybersquatting and typosquatting?

Typosquatting is often used as a synonym for domain squatting. This is not entirely accurate. While typosquatting is based on typos or spelling errors, so-called cybersquatters register or use domain names that do not belong to them.

6. A definition of cybersquatting

The term “cybersquatting” can be understood as the improper registration of domain names containing legally protected terms – for example brand names, protected product names, company names, or the names of well-known persons.

Cybersquatters attempt to sell these domains for as high a price as possible to the actual owner of the rights – that is, the company, brand owner or individual. In fact, many companies are willing to pay several thousand euros for these “fake” URLs. After all, it is only by purchasing these domains that you can prevent future misuse. Since URL hijackers pay just a few euros to register a domain, cybersquatting can be very lucrative.

7. The history of cybersquatting

The word “cybersquatting” contains the term “squatter”. The term was first used in 1788 to describe an illegal tenant – in other words, someone who uses the property of a third party, even though they are not entitled to do so and are not paying rent. In order to describe a similar situation on the World Wide Web, the term “squatter” was supplemented with the word “cyber”. Cybersquatters are therefore people or companies who are in possession of a “domain”, even though they have no right to it.

One of the earliest legal references to cybersquatting is the Avery Dennison Corporation versus Jerry Sumpton case in 1998. Jerry Sumpton had registered the domain names www.avery.net and www.dennison.net, which were identical to the two brands of the plaintiff Avery Dennison. In addition, Jerry Sumpton had registered around 12,000 other domains for the purposes of cybersquatting.

The judge in the case made it clear at the time that: “The defendants are so-called cybersquatters. They have registered over 12,000 Internet domain names. These are not for their own use, but solely to prevent the actual rights holders from registering these domains. And, like all cybersquatters, the defendants are seeking to profit from this misuse by offering the domains to brand owners at inflated prices.”

8. Examples of typosquatting and cybersquatting

Pinterest case study

The popular photo-sharing site Pinterest brought an action against a serial Chinese cybersquatter. He had registered domain names containing the brand names of start-ups and emerging American companies, including www.pinterests.com and www.pinterest.de. In this case, Pinterest complained that pinterests.com was registered improperly and unlawfully, as it copied the Pinterest logo and the site was used exclusively for dumping advertisements. While big companies such as Pinterest in the United States have been able to comfortably win most cases related to typosquatting and cybersquatting, the enforcement of trademark rights in China and other countries around the world is becoming increasingly difficult.

Donald Trump case study

The TRUMP brand is a registered trademark of Donald Trump. Nevertheless, in 2007, when the Trump Organization announced plans to build TRUMP hotels in Bangalore and Mumbai, India, the company Web-Adviso registered the domains TrumpIndia, TrumpBeijing, TrumpAbuDhabi and TrumpMumbai. The content of the websites on these cybersquatting domains included a parody of Trump featuring his shows “The Apprentice” and “The Celebrity Apprentice”.

According to Trump’s lawyers, Web-Adviso had committed a trademark infringement by registering the domains. In late 2010, Trump’s lawyers requested that the company remove the sites and pay USD 100,000 in compensation for each of the four domains, claiming they had damaged Trump’s reputation. When Web-Adviso refused to surrender the domains and pay the damages, the two parties went before a WIPO panel. The courts then ordered Web-Adviso to pay USD 32,000 in compensation, in addition to transferring the four domains to Trump.

While the domains did not contain the brand name Trump exclusively, they did lead users astray. It was claimed that the combination of brand + location for hotels is a common domain name. In this case, adding a location to the brand name misled users, and also offended Trump.

9. Quantifiable revenue losses due to typosquatting

In the report “Cyber Monday 2016: Typosquatting – A Threat to Brands and Consumers”, published on 23 November 2016, the company FairWind Partners investigated the connection between typosquatting and a decline in sales among the companies concerned. The report demonstrated that typosquatting can cause immense damage. The value of the traffic diverted to the improper typo-domains was estimated at over USD 50 million. This does not include negative consumer experiences, damage to reputation or loss of trust, which are difficult to quantify.

Further information on this interesting report can be found here.

10. Where do most cases of squatting occur?

  • Nearly a third of all cybersquatting cases are recorded in the spheres of banking and finance, fashion, Internet and IT.
  • Cybersquatting disputes related to new generic top-level domains (new gTLDs) make up over 12% of cases. The most common victims are .STORE, .SITE and .ONLINE.
  • In 2017, the majority of the domain-related legal procedures reported to the WIPO were in America, France, UK, Germany and Switzerland. The clear leader was the United States, where brand owners brought 920 cybersquatting cases before the WIPO.

Source

11. What can you, as a user, do about typosquatting?

  • Never visit a website by typing the domain name directly into the browser line. Instead, enter the name into a search engine. Real pages usually have far more hits than fake pages.
  • Once you have visited the real website, bookmark it, then use only your bookmarks in the future.
  • Use a voice command (e.g. Siri) to avoid typos.
  • Never click on links that you do not trust 100% – for example links in dubious emails, text messages, messaging services or social networks.
  • Never open suspicious email attachments.
  • Use antivirus software to protect your PC against malware and ransomware.

12. What can website owners do to prevent typosquatting?

  • Register important and obvious typo-domains yourself, and redirect these domains to the correct domain that does not contain a spelling mistake.
  • In addition to a country extension, such as .de, register other relevant top-level domains, including .com, .shop or .web, to prevent cybersquatters from registering them.
  • Register alternative spellings of your domain name, such as www .phantaise.com and www .fantasie.com.
  • Register variants with and without hyphens.
  • Use anti-spoofing technology.
  • Use secure email gateways.
  • Inform your customers and users about possible phishing attacks.
  • Verify your accounts on social media, and inform users.
  • Secure your website with a suitable SSL Certificate.
  • Use more trust elements on your website to boost your visitors’ confidence in your business and website.
  • Register your brand name with the Trademark Clearinghouse (TMCH), and use the Trademark Registry Exchange Service of ICANN (TREx). This will mean that unauthorised domain registrations by typosquatters and cybersquatters will be blocked – both during the sunrise period and beyond.
  • In addition, enter a brand-related term in the Domains Protected Marks List (DPML) of the Donuts registry. Over 200 new TLDs with this brand name will then be blocked, even after the sunrise period.

More information on the TMCH, TREx and DPML can be found on the website of EBRAND Services.

13. Domain monitoring by EBRAND Services

If you want to keep yourself safe from typosquatting, and if you want optimal protection for your brand from fraudsters, you can count on the comprehensive offer of EBRAND Services. We not only take care of trademark registration with ICANN, as well as inclusion in TREx and DPML, but we also offer a highly effective domain monitoring tool that monitors over 1,000 top-level domains worldwide. And it doesn’t stop there. We analyse and assess possible violations, and take legal action. Of course, we also advise trademark owners on “typosquatter-safe” domain portfolios and register selected domains for you. Further information is available on our website under Domain Monitoring.

 

This post is written by Stefan Hoffmeister, Digital Brand Protection Manager, EBRAND Services Germany.

 

Photo credit

How GDPR affects the fight against online infringements

How GDPR affects the fight against online infringements

By | Domains

On May 25, 2018 the General Data Protection Regulation (GDPR) entered into force, impacting every entity handling the personal data of European residents. The WHOIS system, a public directory filled with personal data seems, at first, incompatible with this new regulation. So how does the GDPR affect the fight against online infringements and abuse?

To try to get a clearer picture, we interviewed Luc Seufer, Chief Legal Officer of the EBRAND Services Group. 

First of all, could you tell us whether EBRAND Services has been impacted by the GDPR?

Because of our clientele type and the range of services we provide, EBRAND Services knows first hand the concerns the GDPR creates for the domain name industry.

As a domain registrar, the protection of our clients’ personal data is paramount, so we have always complied with all applicable laws in this regard. Aside from the redaction of certain data in our WHOIS databases, the Regulation has not imposed drastic changes to the manner in which we operate but rather a more thorough documentation.

As a brand protection services provider, however, the aforementioned redaction does constitute a hindrance we would prefer not exist.

In the last few months, a constant stream of articles from intellectual property protection groups  have been published to warn the public and lawmakers of the dire consequences of what they call the “WHOIS shutdown”. Could you tell us more about it?

To understand the current state of affairs, allow me to give you a brief history of ICANN and data privacy. For many years, data privacy specialists have formally and informally told ICANN that certain policies were infringing on European data protection laws.

The former Article 29 Working Party, now rechristened European Data Protection Board, sent several letters to each successive ICANN CEO.

Unfortunately, none took those warnings seriously and necessary reforms were never initiated.

Goran Marby, the current CEO of the organization, had to pressure the ICANN board of directors to approve a temporary policy allowing registries and registrars to take the actions they deemed necessary to abide by GDPR.

However, this policy’s text is so vague that each registry and registrar has implemented a different set of rules. Certain registries, for example, are redacting every Whois record in their database without regard to the location of the registrant or even the fact that they are a legal person and, thus, outside of the Regulation scope.

Others, like EBRAND Services, have taken a more pragmatic approach, only redacting details of natural persons while displaying an anonymized email contact address for those registrants. Others have opted to make an online contact form available on their websites. And some have even attempted to create an access model with a pseudo accreditation system.

In a few months, it has assuredly become difficult to access the contact details of domain name registrants.

Isn’t it ICANN’s role to define industry standards and enforce them?

During its latest meeting in Panama City, which I attended, ICANN announced that an expedited policy development process was being initiated, so that a lasting gloabl solution could be created. ICANN’s goal is to have this new policy finalised and put into force by the end of April 2019.

Although this may seem very slow to the general public, it is light speed for ICANN. As a reminder, it took ICANN 10 years to launch the new extensions program.

This new policy should introduce a tiered access system to the Whois databases. For example, law enforcement agencies should have a certain type of access, IP owners another one, registrars another, security researchers another…

As previously mentioned, certain registrars have tried to pre-empt ICANN by devising their own tiered access, but their models are not based on a common standard and are operated by the registrars themselves. Although every registrar is presumably a competent technical services provider, they are certainly not qualified to judge the legitimacy of requests for access to customers’ personal data. In my opinion, this initiative is rather dangerous and ill-adapted but the eagerness to find a solution easily explains its conception.

Does this mean that the DNS has really become a lawless place?

Not quite. On top of their local laws, every ICANN accredited registrar is bound by the same accreditation agreement to ICANN. This agreement requires registrars maintain a so-called abuse contact point. They must investigate reports of illegal activity involving domain names under their management.

As evidenced by our enforcement team results, it is still possible to obtain the suspension of domain names used in an illegal fashion. However, it’s very difficult to know the identity of the person behind the abuse.

So there is no way to identify infringing parties anymore?

Here, too, the crux of the issue is the lack of standard process and policy. Each WHOIS database maintainer (registry or registrar) is acting in accordance with its own interpretation of GDPR.

Some are adamant that only a court decision allows them to disclose personal data. Others solely require a substantiated complaint meeting the DMCA requirements. And some are clueless and, regrettably, remain mute.

When the infringement is constituted by the domain name itself, the initiation of a UDRP or URS may be considered as it will compel the registrar to disclose the registrant details. However, this route is quite expensive for a mere disclosure.

But this does not mean that brand owners are left to their own devices. EBRAND Services has developed a set of innovative technological tools over the years which are still fully functional despite the current situation.

Luc Seufer, Chief Legal Officer EBRAND Services Group

TREx trademark protection via EBRAND Services

TREx trademark protection by TMCH stops infringing cybersquatters

By | Domains

Don’t let cybersquatters jeopardise your trademark rights

Your online brand’s trademark is one of your most valuable assets. It helps you distinguish your business from others and safeguards your reputation. But in our digital age, they are also increasingly vulnerable to predators like cybersquatters. Trademark cybersquatting occurs when a third-party registers domain names, especially with well-known company and brand names, with the intention of selling them. In essence, this allows them to profit from a registered trademark.

Recent reports show that trademark holders must become increasingly vigilant to prevent this from happening. In 2017, cybersquatting disputes related to generic top-level domains (gTLDs) increased to 12 percent of the World Intellectual Property Organisation’s case load. Country code top-level domains (ccTLDs) made up 17 percent. After the US, France filed the most cases.

 

TREx, an extra layer of security for trademark holders

Trademark owners now have a new way to protect their online brands. The Trademark Registry Exchange (TREx), a new service available through the Trademark Clearing House (TMCH), provides additional protection for your trademarks. The TREx service is available for TMCH-registered trademarks. Accredited agents – like EBRAND Services – will use this centralized service to match your trademark across various top-level domains (TLDs), currently 33 – soon to reach 40 and more expected to join them. (Including legacy TLDs and ccTLDs.)

During a TLDs general availability phase, registries will remove the availability of domain names that match your trademark so that third parties are unable to register them. In essence, this will help trademark owners block their trademark in any number of TLDs, eliminating the need for defensive registration against cybersquatters.

TREx is a simple, cost-effective approach to trademark protection as it eliminates costs incurred from both defensive registration and the renewal of those domains. You will incur no cost from TMCH to have a blocked domain overridden if at some point you decide you would like to register the domain yourself. Moreover, you will avoid the hassle of having to file a Uniform Domain Name Dispute Resolution (UDRP) as you’ll be less likely to become a victim of trademark infringement in the first place.

But there are a few important caveats to consider:

  1. Domain names already registered by a third party prior to your signing up for the TREx service are, unfortunately, off limits. You will not be able to have these domains blocked. If domain names have already been registered under numerous TLDs, TREx may not be the best option for you.
  2. Once your TREx service is activated, it will be valid for one year and will be renewable each subsequent year. Your TMCH trademark record will need to remain valid for the duration of this period. If your trademark record expires before the end of the year, your TREx service will be cancelled.
  3. Variations related to your trademark are not protected under the TREx service.

How to subscribe to the TREx service

TREx is currently available to agents officially accredited by the TMCH or customers who are pre-paid trademark holders. Please contact an EBRAND Services Support Agent. We’ll get you started.

And keep in mind that EBRAND Services offers a variety of trademark protection and domain monitoring services. If TREx isn’t right for you, we’ll be happy to provide information about alternatives that are. Just remember: cybersquatters are lurking and if you don’t take action to protect your online brand’s trademark there’s a good chance it will be abused!

Homograph attacks increase need for brand protection | EBRAND Services blog

Homograph attacks increase need for brand protection

By | Domains

Internationalised domain names (IDNs) allow users to register domain names in almost any written language, enabling today’s global internet to become more multilingual. However, non-Latin script Unicode characters are making it easier for cybercriminals to register domain names for phishing websites. This website phishing technique, known as a homograph attack or IDN spoofing, is nothing new but reports indicate it’s a growing problem. If your domain isn’t being monitored, your brand is unprotected and may be at risk.

Unicode confusables key to homograph attacks

Farsight Security, the world’s largest provider of DNS data, has reported that between May 2017 and April 2018, nearly 36,000 domains were used to imitate 466 top brands with lookalike domains which used confusable characters. These brands came from diverse industries, ranging from banking to retail to technology. 91 percent of these IDNs were considered “confusable”.

IDNs represent characters in scripts other than Latin. Like other domains, IDNs rely on Unicode, which is the standard for digital representation of all the world’s languages. However, the key to a homograph attack is a specific Unicode formula known as Punycode. Punycode converts non-Latin script characters into code that is readable by DNS. For example, españa.com converted by Punycode creates the domain xn-espaa-rta.com. DNS will have no trouble recognizing xn-espaa-rta.com as it does not contain any non-Latin characters.

The problem, though, is that letters from different alphabets can look the same in different languages. These are called “confusables”.


Confusables are nearly undetectable to users, email clients, or web browsers. Take a look at this example (reported in The Sun).


To an untrained eye, there is no problem. But look closely at the “o” above “tower” and you’ll see a small diacritic mark – “ȯ” – which is used in some languages so, therefore, supported by Unicode.

This is the kind of small language script change that fraudsters rely on. They trick you into thinking you’re seeing one thing but, in reality, they’re redirecting you to a lookalike phishing site.

Combatting homograph attacks is everyone’s responsibility

ICANN (Internet Corporation for Assigned Names and Numbers) has taken steps to fight homograph attacks. Its Guidelines for the Implementation of Internationalized Domain Names provides registries and registrars with rules designed to help restrict the prevalence of homograph attacks and keep brands protected. Unfortunately, Farsight’s research indicates not everyone is adhering to the rules.

Many browsers have also responded to the growing threat of homograph attacks by providing warnings to users about potential Punycode lookalikes. Here’s what you see when you type https://www.са.com/ into Chrome and Safari:

Browser warning

Notice how in both examples the website address is converted to Punycode, “xn--80a7a.com” so visitors better understand this is a lookalike site. It is not the actual “.ca.com” site they are searching for. It is, instead, one using the Cyrillic “a” to trick users.

But what about outside browsers where such warning don’t exist? Users have a number of options:

  • Don’t click on suspicious-looking links in emails, especially from senders you don’t know.
  • See if your email client has the option to disable links altogether from incoming emails.
  • Changing the junk filter level will significantly remove the number of malicious incoming emails.
  • For both email and social media links, use a link checker (there are a number of them out there) to verify it.

Domain monitoring tools will help keep your brand protected

Of course, EBRAND Services is here to help eliminate threats which could undermine your brand name.

We use brand protection tools to monitor new domain name registrations, quickly identifying domains which are identical or confusingly similar to your brand, corporate name, or trademark. We identify who the infringing third party is. When necessary, we take legal action to stop third parties from infringing on your domain.

For more information about how we can help keep your domain name out of the hands of others, get in touch with one of our support agents. We are committed to making sure your brand name is never used by malicious third parties intent on unleashing the next big homograph attack.

What to expect from the next round of gTLDs

By | Domains

The following is written right after the March 2017 ICANN 58 meeting which took place in Copenhagen, and we will do our best to update it as the review process develops.

What to expect from the next round of gTLDs

New gTLDs coming soon ?

A question we often are asked here at EBRAND Services is : when will I be able to apply for my own internet extension (like my competitor did) ? We usually reply that the process and policy used for the last round of applications are currently being reviewed and that it’s difficult to give a firm date. To help clarify matters, we’ve decided to write this article which will delve into the current review, and foreseeable date, of the next rounds of applications. The following is written right after the March 2017 ICANN 58 meeting which took place in Copenhagen, and we will do our best to update it as the review process develops.

Refresher

ICANN (the domain name regulator) officially allowed new extensions to be applied for back in 2008. The means selected to delegate those extensions was to stagger them in time limited application rounds.

The first round took place in the beginning of 2012. 1,930 new internet extensions were applied for in accordance with ICANN categories : generic (.blog, .email,.企业 .ninja), geographical (.paris, .berlin, .nyc) , community based (.gay, .catholic, .porn), and brand (.lidl, .apple, .postbank).

The delegation started in October 2013 and, as of now, 1,216 extensions have been delegated. 86 should be delegated in the near future.

Second round

On February 7, 2012, the ICANN Board approved a resolution to implement a second application window for the new gTLD program.

However, before the second round can take place, the programme needs to be reviewed to ensure that the first one promoted consumer trust and consumer choice. Moreover, ICANN needs to measure the effectiveness of the application and evaluation process as well as the safeguards put in place to mitigate issues

There are currently three review processes, all running in parallel, which need to be finalised for the second round to open.

1/ New gTLD Subsequent Procedures The Subsequent Procedures working group reported that several tracks are running in parallel, each dealing with one specific aspect of the charter questions. Some of the work has been completed while other larger pieces are taking longer. They stated that their initial report should be issued at the end of 2017.

For its part, the Cross Community working group on Country and Territory names has concluded that no 2-letter label must be allowed in future gTLD rounds because 2-letters are specifically reserved for current and future ccTLDs. However, as the group could not reach consensus on 3-letter extensions, they might be allowed during the next round.

2/ All Rights Protection Mechanisms (RPM) As an EBRAND client, you must be aware of the protection mechanisms available to brand owners as part of the new extension programme. (If you are not, please do contact your account manager).

The RPM working group is tasked to review all rights protection mechanisms. As such its members are reviewing the use and effectiveness of the TMCH, the UDRP, the URS, and the lesser used Post Delegation Policy. The working group reported that review of the UDRP and URS would be undergone last as they will take longer than the first two.

The group expect to have its initial report ready for publication in late 2017 for the PDP and TMCH review. The second phase of the review, which will be solely dedicated to UDRP will begin in early 2018.

3/ Registration Directory Services The working group is still working on phase 1, which is focused on fundamental requirements for the new WHOIS system. Next step will be to focus on policy development. However due to the sheer amount of work and the divergence of point of of views between the group members, no specific timeline for an initial report was provided.

Get involved

Leadership from each working group called for more involvement : the more participants, the faster the work will be accomplished and the second round can take place. If you want to help, you can by joining a working group or commenting on working group reports.

ICANN Passess 100 Delegations for New gTLDs

By | Domains

ICANN Passes 100 Delegations For New gTLDs This week ICANN announced they have passed the 100 mark for new gTLDs to be delegated. The move to being delegated is one of the final steps before the Registries that control the gTLDs may begin accepting registrations. In total, as of 21 January there were 107 gTLDs delegated.

In the past couple of weeks the first brand was delegated with the Australian university Monash having its gTLD delegated. And one of the pioneers of the new gTLD programme, those behind the application for .berlin became the second city gTLD to be delegated behind .wien (Vienna).

“There are now almost five times more generic Top-Level Domains than there were only a few months ago and that translates to greater consumer choice,” said Akram Atallah, President of ICANN’s Global Domains Division. “We are as eager as everyone else to see what type of innovation these new Domains will usher into the online world.”

Noting the historic achievement, Christine Willett, Vice President of gTLD Operations, said the year ahead was full of new opportunities.

“This is an historic milestone for ICANN’s New gTLD Program and the Internet as a whole. The year ahead will be defined by new opportunities in a vastly expanding online landscape.”

In addition to the new delegations, over 200 Registry Agreements (RA) have been signed by new gTLD applicants. The signing of an agreement allows applicants to move onto the final stages of the programme and prepare for delegation into the DNS.

In a posting on the ICANN blog, Atallah wrote enthusiastically of the possibilities of the already delegated gTLDs. He rattled off the following statistics : • there are new gTLD registries with delegated gTLDs operating in nine countries, including Australia, China and Switzerland • the original 22 gTLDs consist of Latin characters only, and most are abbreviated English words, but the new gTLDs include Arabic, Chinese, German and Russian • registries for gTLDs .WIEN and .BERLIN self-identified as community applicants, signifying their intention to operate the gTLDs on behalf of the citizens of Vienna and Berlin, respectively.

But there are still obstacles to be overcome for some applicants with ICANN’s Governmental Advisory Committee, who is charged with giving advice to ICANN from governments to ICANN on issues of public policy, and especially where there may be an interaction between ICANN’s activities or policies and national laws or international agreements, concerned about some applications.

The GAC has expressed reservations about applications for .wine and .vin. The GAC is concerned that appropriate that safeguards against possible abuse of these new gTLDs may be needed. The issue for the GAC is that many may associate a type of wine with a region, and this name may be a protected name. Examples include Champagne and Burgundy in France and Mosel in Germany. However governments have not been able to agree on appropriate safeguards and the GAC has recommended “that the applications should proceed through the normal evaluation process.”

Other contentious applications raised by the GAC were for .guangzhou (IDN in Chinese) and .shenzhen (IDN in Chinese) which were both rejected with neither being able to get local government support. Another application, for .spa, aimed at the spa and wellness industry has similarly had difficulties due to it also being a geographic name. To deal with these concerns, the applicant (Donuts) has offered the city a number of domains to take account of their concerns.

There were also issues with the protection of intergovernmental organisation acronyms including the Red Cross/Red Crescent Names, a special launch programme for geographic and community gTLDs and the applications for .islam and .halal have also been contentious.

And one of the major issues for new gTLDs has been concerns raised by brand owners. In an effort to explain in simple terms issues such as the Rights Protection Mechanisms that trademark holders and their representatives can use to combat infringement during the Domain Name System expansion, ICANN published an educational infographic.

The New gTLD Program Rights Protection Mechanisms include both proactive and reactive measures for defending trademarks. The infographic seeks to explain these issues such as the Trademark Clearinghouse, Uniform Rapid Suspension System and Trademark Post-Delegation Dispute Resolution Procedure succinctly and clearly.

The infographic is available to download from http://newgtlds.icann.org/en/announ….