In addition to the news release about our new service, YummyNames, we’ve also put together a short video explaining what YummyNames is all about with Bill Sweetman, General Manager, YummyNames:

And we also have a social media release (SMR) which is a special webpage loaded with nearly a dozen videos, images, quotes and links about the announcement. You can view that here.

Of course, we’d also like to invite you over to the brand new YummyNames website where you can try a search or two and see what the portfolio has to offer.

As we pointed out last week, the Canadian Internet Registration Authority (CIRA) which operates the .ca registry, is about to introduce some big changes to its existing WHOIS policies. The changes are largely associated with what information WHOIS databases, registrars and resellers are able to disclose about registrants.

These upcoming changes will have a pretty significant impact on some of our .CA policies. Specifically:
Our public WHOIS database, like CIRA’s, will protect registrant information by default. All personal information about individual registrants will be kept private, including the name of the Registrant and the name and any contact information.

• Registrants have the ability to disable WHOIS privacy from the CIRA registrant interface if they choose to do so. It is enabled by default.
• Corporations and organizations will have the option to request similar WHOIS protection in special circumstances. It is disabled by default.
• Interested third parties will still be able to contact the registrant by using a contact form available on CIRA’s website (similar to other WHOIS privacy services).
• Resellers will be required to keep registrant information confidential, revealing personal information via telephone or otherwise under very specific circumstances only.

These changes will come into effect on June 10. CIRA will begin messaging registrants about the upcoming changes this week.

After much deliberation and consultation (in other words, in true Canadian fashion), the Canadian Internet Registration Authority (CIRA) has announced that WHOIS Privacy will go into effect on .ca domain names beginning June 10th, 2008.

The CIRA approach to WHOIS privacy is quite interesting and demonstrates a clear desire to protect the privacy of Registrants. There is full information on the new policies at the CIRA website.

In his Law Bytes column in today’s Toronto Star, Michael Geist calls the new policy “a model for domain name registries around the world.”

Geist goes on to suggest that CIRA is now in a global leadership position on the issue of registrant privacy. Geist writes, “With more than a million Canadian domain name registrations, the resolution of the whois issue ensures that the Canadian domain name space is set for continued growth as it now features a “privacy advantage” over other domains struggling to strike a similar compromise.”

What makes the CIRA policy different is that WHOIS privacy is enabled by default for individual domain owners. Registrants have to specifically opt-out with CIRA to have their information displayed. In contrast, the registration information for corporate domain holders is shown by default, however, they can opt-out and hide the information in what CIRA calls special circumstances.

As you would expect, we’ll be fully complying with the new policies. We’ll have more on how things will work from both a Registrar and from the Reseller perspective soon.

Domain name renewal schemes are nothing new - we’ve been dealing with them for years - but we figured it wouldn’t be a bad idea to bring them to your attention once again. A quick Google search brings up thousands of examples.

The usual tactic, known as domain slamming, is fairly basic - unethical companies mine WHOIS records for Registrant information and domain expiry dates. Then, months in advance, they contact the Registrant either by mail or email with a very official looking and sounding document or message that tells them to protect their valuable name by renewing early. A Google Images search brings up a couple of scanned examples.

Of course, when the Registrant sends the cheque or pays by credit card, thinking they are doing the right thing, what actually happens is that a Registrar transfer is initiated. The Registrant will then blindly go through the steps to complete the transfer, again thinking they are doing the right thing to protect their valuable domain name.

Combatting this is really fairly simple. I spoke with Paul Karkas, our Compliance Manager, who has been dealing with this kind of thing for years and has a few recommendations for resellers:

1. WHOIS Privacy. This is the absolute best protection. It stops the practice dead in its tracks as there is no way for to contact the Registrant directly. Encourage your customers to take advantage of WHOIS Privacy and the protection it offers. Tucows includes WHOIS Privacy for free as part of our domains package.
2. Domain locking. A locked domain can’t be transferred, again, preventing the domain slam. The transfer attempt may generate a support call by the Registrant to remove the lock, in which case you have the perfect opportunity to make sure the transfer is legitimate.
3. Communication. Let your customers know about this practice and ensure that your customers know who you are and who their Registrar is. Clearly spell out your communication policies surrounding renewals (i.e. “We never send mail invoices reminding you to renew.”) before the scammers have a chance to spread their mis-information.

The Registrant is only one of the victims in domain slamming. When your customers get taken by fake notices like these, you lose their domain business. But if you take the time to educate your customers, you reap the benefits of a better relationship in which the customer knows that you are on their side, looking out for their interests.

Earlier this week, the ICANN Board recommended making the ICANN fee of $0.20 per domain year non-refundable. Previously, that fee was refundable if the domain was deleted within the five day Add Grace Period (AGP).

Around the same time, Google announced it would drop names consistently added and deleted during the AGP from its AdSense program, making it far more difficult to profit from ads served on those domain names.

We think ICANN’s resolution to introduce a fee is a good first step, but we don’t believe it goes far enough; some tasters will look at a nominal $0.20 fee as a cost of doing business. Add Grace Period abuse could be further diminished or eliminated by substantially shortening the AGP period to 12 hours or less. This would let registrants correct ‘true’ mistakes like spelling errors (which is what the AGP was originally intended for), while significantly curbing the practice of tasting at the same time.

For those of you who aren’t aware of what tasting is, here’s a quick overview: Generic Top Level Domains (also known as ‘gTLDs’) support what is known as an ‘Add Grace Period’ (AGP). Originally designed to correct domain name registration errors like typos and such, the AGP allows registrars to delete any names they register within five days, and receive a full refund.

Over the past several years the AGP has been used largely for profit instead of correcting mistakes. Some registrars register names en masse, display ads on them, measure their traffic, and then see which ones might be profitable to keep. The rest are deleted before the end of the grace period. How many names are deleted? According to an ICANN report, 94% of all .com registrations in January 2007 were deleted. Some registrars even re-register and delete the names over and over, allowing them to essentially keep the names for free.

The result of this practice is short-term trademark infringement, consumer confusion as sites disappear/re-appear (and point to advertising), and a great deal of unnecessary (and potentially dangerous) operational load.

Domain tasting will be one of many issues up for discussion at ICANN’s 31st International Public Meeting, will take place between February 10 and 15. I’ll be heading to India in two weeks and I’ll provide coverage of the meetings here on the Tucows blog.

As James mentioned in yesterday’s post here on the Tucows Blog, Network Solutions Inc. caused quite a furor when they confirmed that they are “front running” (registering domains based on domain searches done by potential registrants).

After a contributor to Domain State broke the story, it was covered on Techmeme, Digg, Slashdot, and a host of individual sites and blogs, etc. and so on. Heck, it even made USA Today.

To be clear, Network Solutions officially denied they were front running:

Although Network Solutions does temporarily register a site a customer searched for, spokeswoman Susan Wade denied there’s anything nefarious afoot. “Network Solutions is not front-running,” she said. Network Solutions holds the domain for up to four days, during which time a customer can register it only from Network Solutions and after which it again becomes generally available if unregistered, Wade said. But that feature, she said, is a “pre-emptive” measure to protect customers–from front-runners. That’s because front-runners can tell when a customer has searched for a domain at Network Solutions, for example because Network Solutions then must check availability at other sites when a customer searches, Wade said.

Respectfully, this is spin. As many of those up in arms about this have pointed out, Network Solutions is effectively saying “we’re pre-emptively front running to help prevent others from front running”.  My guess is most people would say “thanks but no thanks”. I’m concerned however about an aspect of Susan Wade’s statement that others haven’t made much of, namely that registries are involved in Front Running.

“This search data is captured at the various registries. We believe there are registries and/or Internet service providers that may be selling this data to front-runners. So, by holding domains searched on Network Solutions, this pre-empts the search data being captured,” she said.

If Network Solutions has evidence of registries  - or any service provider for that matter - actually being involved in front running, I urge them to share this information with the Internet community so that we can all make sure that these people are called out for the practice and our customers can be told to avoid them in the future.

In light of some very recent events in the domain name market, we thought now would be a great time to again call attention to why taking your time, and doing your research when choosing your Registrar is so important. The advice applies both to Resellers and to Registrants as the impact of making the wrong choice can, and will, be felt by both.

The “recent events” I’m referring to is the practice Network Solutions was found to be engaging in whereby they would immediately purchase available .com domains that were searched for at their website. While this practice is commonly referred to as front running, Network Solutions has since responded, and have said they instituted this practice as a way to protect potential Registrants against front running by ensuring that the domains they searched for remained available for purchase. We’re willing to give Network Solutions the benefit of the doubt in this case.

Tucows applauds any attempts to protect Registrants from the less scrupulous members of the Internet community.

While Network Solutions registers names searched for at their website, and parks the domain with a holding page, it should be noted they do not attempt to monetize with PPC ads, or otherwise prevent the purchase of the domain in question. However, at this point, potential Registrants are effectively forced to purchase the domain from Network Solutions for a period of four days at which point the domain is dropped.

Read more about it here, and here, if you wish.

I spoke with Adam Eisner, our Product Manager for Domains and he reiterated the underlying values we hold at Tucows.

We work to uphold the rights of Registrants. That means, for example, not putting 60-day locks on domains when a Registrant makes a change to their WHOIS information effectively locking some into a renewal and blocking domain name transfers to other Registrars. That also means having a clear, defined policy surrounding expiry and redemption periods. You can read ours here.

Specifically on the subject of domain tasting, Adam stated that Tucows works to prevent domain name tasting by charging our Resellers a monetary fee on domain name registrations that are cancelled within the five-day Add Grace Period (AGP).

In addition, Tucows does not engage in front-running. Adam is clear on this point: Tucows doesn’t use WHOIS query data or search data from our API to front-run domain names. You can trust our WHOIS and domains lookup search boxes.

But following the rules is just part of what we’re doing to make the Internet better. Tucows has, and continues to work to shape Internet policy with the rights of resellers and domain name registrants in mind. We’ve long been active at ICANN and we’re continue to work to shape domain name policy with the expressed goal of making the Internet better for its users. Next month we’re off to New Delhi, India, for the 31st International Public ICANN meeting.

Ross Rader, our resident policy guy (officially the General Manager of Retail Services) has worked tirelessly in the areas of WHOIS Privacy reform, to name but one example. Elliot Noss, our President and CEO, was one of the people at the forefront of the fight against Registry price increases last year.

Last May, Elliot wrote an extensive article for this blog titled “Questions to Ask Before You Pick Your Domain Name Registrar.” We reference that post regularly as it provides a wealth of information that Registrants can use to educate themselves about how to evaluate potential Registrars before they make a domain name purchase.

Thanks to Flickr user Joe Nangle for the photo and for releasing it under Creative Commons.

When it comes to choosing a domain name for your business, it helps to have a ‘dirty’ mind. Otherwise you might end up being stuck with a domain name that will get you into trouble with word-based content filters.

That’s right, if your domain name inadvertently contains a ‘naughty’ keyword or phrase, your entire Website may be blocked by content blocking filters still commonly used by large corporations, libraries, schools, and overprotective parents. Your site might also be hindered from showing up in some search engines, and some of the email messages you send from your domain could end up being blocked by spam filters.

Here are some fictitious examples of what at first appear to be innocent domain names:

• HireThisExCopper [dot-something]
• EssexWorld [dot-something]

Look closer, however, and you will notice that the first domain contains the word “sex” and the second contains the phrase “sex world.” Both of these domains could end up running into trouble with filters, especially the second one.

And can you spot what’s problematic with these domain names?

• ScanAlley [dot-something]
• CanalTours [dot-something]

Both contain the word “anal” which also poses a risk of running afoul of filters.

You get the idea…

So before deciding on your next domain name, be sure to scrutinize it carefully. Look for any and all ‘troublesome’ words and phrases. The last thing you want is to have your seemingly innocuous domain name misinterpreted by word-based content filters.

As a follow-up to yesterday’s post about how to protect your domain names from theft, I’ll point you to a blog post by Bill Sweetman, our General Manager, Domains Portfolio, over at the Canadian Marketing Association’s blog. In that post Bill suggests a domain name related New Year’s Resolution.

I’ll add to Bill’s comments and suggest that while you’re running a WHOIS query on your domains, you should see if you have WHOIS Privacy enabled. If not, enable it and then set those renewal reminders as Bill suggests.

Over Christmas there was a well-publicized case of domain-hijacking that gained some worldwide media attention when David Airey had his domain, www.davidairey.com, stolen. The story was a familiar one – a domain thief gained access to a domain holder’s email account (in this case, a Google GMail account) and then used that account to gain control of the domain name and transfer it to himself.

This story had a happy ending and the domain was returned to its rightful owner thanks to, in this case, Go Daddy, which was the receiving Registrar in the fraudulent transfer.

At Tucows we’re actively engaged in the battle against online fraud including domain name theft, phishing, and spam. When domain name thefts are reported to us, our Compliance Team acts accordingly to assist with retrieval of domains where possible.

I talked to Paul Karkas our Compliance Manager. There are a couple of tips to avoiding domain name theft he suggested all domain owners and resellers learn:

1. Use WHOIS Privacy. It can protect you to a certain extent from this kind of theft. If the administrative email address that is listed with the domain name under WHOIS is exposed, then a potential domain thief has two pieces of information he needs – the domain name, and the email address used to manage it. The thief can then gain control of the email address, and then use that email address to gain control of the domain by having passwords emailed to himself. WHOIS Privacy offers some protection because it prevents the domain thief from finding out what the administrative email address is for the domain name.

2. If you can avoid it, don’t use free, web-based email addresses for your administrative contact. In this case, a security flaw in GMail allowed the hacker to gain control of the email account of the domain holder. Likewise, having your entire domain portfolio under a single administrative email account is another mistake. Never mind having one domain name stolen, if a thief gains control of your email account, he could steal your entire portfolio of names.

3. Your domain name is worth more to you than you might think. It may only cost you $10 a year to register the domain, but take a moment to imagine what the cost would be if you had to change domain names tomorrow. It could be as easy as reprinting business cards, or as difficult as re-branding your entire company.

4. Chose your Registrar wisely. Look for a Registrar with a solid Compliance team and a good record within the industry. They’ll have policy and procedures in place to protect you against domain name theft, and in the event your domain is taken from you fraudulently, you stand a better chance of getting it back with a solid registrar. Our CEO, Elliot Noss, has talked about this in the past. You can read his “Ten questions to ask before you pick your domain name Registrar” post for more information on how to make an informed choice.

If you do one thing today, make it this: activate WHOIS privacy on your domains. At Tucows, we recognize the value of WHOIS Privacy, and we include it free with every domain name sold.