Missed our .ORG Webinar? We’ve got you covered. Below you’ll find a recording of the live presentation as well as links to the downloadable .ORG Toolkit and Webinar PDF.
Watch the .ORG Webinar
The health and safety of our customers, partners, and employees are of the highest priority to Enom. With the heightened concerns about the spread of the COVID-19 virus (Coronavirus) and the unpredictable nature of the virus, we have taken precautionary steps to reduce its potential impact across our offices globally.
We want to assure you that we are fully prepared to continue providing uninterrupted services and that your services continue to receive dedicated attention from our team of engineers around the clock.
We have restricted business travel and in light of that, we have requested that our staff work from home wherever possible. Even with our work-from-home policy in effect, the Enom team remains available for remote meetings, and there will be no change to our business and technical support hours.
We continue to keep a close eye on the recommendations of the Centers for Disease Control (CDC) and the World Health Organization (WHO) as they pertain to the latest developments on COVID-19. In following their guidelines, Enom is taking the following additional measures to reduce the likelihood of impact:
We are doing everything in our control to ensure your critical services are fully operational and safe while you focus on keeping your employee base and their respective family members healthy.
We encourage you to also read Tucows COVID-19 Statement.
As always, the Enom Support team will be there to provide help whenever it is needed. Contact our customer support team by calling 1-855-600-0886 or by emailing firstname.lastname@example.org.
Tucows provides reasonable, lawful access to non-public registration data; this means constantly working to balance the privacy rights of registrants against the rights of third parties, most of which, in our experience, are related to intellectual property rights (90% of all requests). In addition to the usual statistics, this update also includes a deep dive into actual examples of some problematic disclosure requests, a discussion of the reasoning behind denials, and what this means for the industry conversation about disclosure requests.
These ongoing updates are intended to provide insight into the disclosure requests Tucows receives and to serve as useful data for discussion as our industry moves toward a holistic policy governing the disclosure of private data.
The statistics discussed below include data through the end of February 2020 (“Period 3”). Each request is a request for personal data regarding the registrant of a domain where that information is not publicly available. A member of the Compliance and Legal team reviews every request individually to balance the rights of the data subject and the legitimate interests of the requestor to determine whether and how much data should be disclosed; this includes consideration of Tucows’ contractual requirements as well as applicable laws—both privacy laws and intellectual property laws. This work is time-consuming and intense but there’s no other way to make sure that we’re making the right decisions about when to disclose the personal data we’re entrusted with.
Tucows received 238 requests for data in Period 3 (from mid-October 2019 to the end of February 2020), and 2,864 requests in total since the Tiered Access portal went live in May 2018.
Previously, data for Period 1 was discussed in Tucows’ Tiered Access Directory: a look at the numbers and for Period 2 in Tiered Access Data Disclosure Update.
This rate of disclosure is about double what it was in the previous two periods (24% in Period 1 and 36% in Period 2), indicating higher quality requests. This is likely related to the use of the RrSG Minimum Required Information for Whois Data Requests, which was drafted by ICANN’s Registrar Stakeholder Group (RrSG) to help standardize requests for domain data disclosure. Requests that use this format are easier to review (all of the required information is included in a predictable format) and deficiencies are simple to communicate to the requestor. It may also be due to Tucows’ outreach efforts to educate requestors about this format. This higher rate should be considered illustrative of success and a positive movement toward appropriate disclosure of personal data to parties with a legitimate purpose.
Despite formal outreach and personalized responses to each request, a significant number of requests are incomplete and responses seeking further information are ignored by the requestor. This is because either there is no party on the other end to review responses that do not include data (the request is automated and not appropriately monitored) or there was no reason to make the request in the first place and pushback had the correct effect of preventing unnecessary disclosure of personal data.
This represents a decrease from the previous period but is level with Period 1 and the overall rate of denied disclosure requests.
Parties experienced with our data disclosure request process have recently begun to specifically request data for domains clearly indicated in the public Whois as using Tucows’ Whois privacy services. In some cases, this has been accompanied by a dropoff in requests for the personal data of registrants without Whois privacy. In other cases, there has been no dropoff in requests for non-Whois privacy domains but the format of the request has changed, indicating that the requestor is aware of the fact that there is Whois privacy on the domains but is attempting to get the underlying data without submitting a subpoena, as is Tucows’ current process.
Here’s an illustration of the total volume of requests Tucows has received since the launch of Tiered Access:
The number of requests appears to have stabilized, concurrent with the increase in quality of requests. Again, this is a positive trend as both requestors and the Tucows family of registrars have acclimated to the new privacy legal landscape.
It may seem counterintuitive but an increase in disclosure rates means that request quality overall is improving and signals a positive move toward appropriate disclosure.
Additional information on duplicate requests can be found in Tucows’ Tiered Access Directory: a look at the numbers (for Period 1) and Tiered Access Data Disclosure Update (for Period 2).
As noted above and in previous blog posts, disclosure of registration data is only granted when the requestor has demonstrated a legal basis to access the data. While requestors can be categorized into a few broad groups, inclusion in a certain group does not determine if and which data are disclosed. Each request is—and must be—evaluated on its individual merits. Requestors therefore are grouped below solely for analysis’ sake. The main tracked requestor types are:
As you can see, Commercial Litigation has made up the bulk of requests since Tucows began tracking this data. Typically, these requestors are either companies that are created specifically to request this type of information on behalf of large corporate clients or are lawyers hired or employed primarily to request this type of information.
Also included in this category, however, are individual rights holders attempting to protect their rights (sometimes intellectual property, sometimes personal privacy rights) without the advantage of a company or a lawyer devoted to that purpose. Especially in light of the Preliminary Recommendations found in the EPDP Phase 2 Team’s Initial Report, it is important to ensure that individual rights holders continue to have a reasonable means of requesting the information necessary to protect their rights.
The rate of requests by Security Researchers is deceptively low because it is counted differently. Most requests are counted by the number of domains requested; when a request is received for the entire database, however, that is counted as just one request, not millions. Some Law Enforcement requests fall into this category, as do nearly all requests from Security Researchers. We currently do not allow unfettered access to our database to anyone and are working with representatives of both groups to come up with a means of providing the data necessary to conduct their investigations while protecting the privacy rights of individuals.
We regularly receive requests for disclosure of registration data which we deny after reviewing the request, the requestor, and the relevant data (including the domain name itself and any content that may be hosted there). In the interests of transparency and advancing industry discussion on this topic, we’ll share some real-life examples of denied requests along with the reasoning behind our decision below. For some of these, the domain names in question are relevant and therefore the requestor may become evident. We should emphasize that, due to the sheer volume of requests from certain requestors, a trademark or corporation may appear more than once. This should not be taken to mean that all requests from these requestors are invalid or are treated differently than any other requestor; the domain names are simply used as examples.
It is concerning that these invalid requests which, upon meaningful review, are readily apparent as invalid even to a layperson, continue to be submitted. This underscores the fact that any attempt at automation will result in numerous false positives and that meaningful human review is essential prior to disclosure.
These requests fall into three broad categories: duplicates, an issue with the allegedly infringed trademark, or fair use. As the majority of disclosure requests Tucows has received to date are for alleged trademark infringement, the examples below may fall primarily into that category; again, it should not be assumed that this is the only type of invalid request.
Many disclosure requests include a list of all trademarks potentially infringed by a specific domain or set of domains; this is not ideal as the domain name must be compared to the list rather than to a single trademark that is being infringed and it is often not apparent to the reviewer which trademark is the issue. This lack of specificity also suggests that the request originates from an automated system.
A shocking number of disclosure requests relate to domains not registered with the Tucows family of registrars—sometimes these domains are not registered at all. We have even received a disclosure request alleging trademark infringement for a domain that predated the trademark’s registration. These issues point to the limitations of automation and the necessity of meaningful human review, which we’d like to see more of on the requestors’ side.
The final category, fair use, includes multiple examples that are obvious to a layperson as non-infringing. Not included here are edge cases that ought to be adjudicated by a competent authority (whether at UDRP or in a local court).
Here, the domain includes the full trademark “Rolex” but is in use by a different company whose registered name (Petrolex) includes that trademark.
In each of these cases, the domain name contains the whole trademark separated by additional characters (“Insta[…]gram” or “Face[…]book”) but bears no relation to any infringement of it. While these domains no longer have any hosted content, at the time of review, they were in use by a company specializing in personalized t-shirts and other apparel and by a biblical outreach group, respectively. Both of these are clearly fair use and should never have resulted in a request for data disclosure.
These do not contain the full trademark but only portions of it or portions of misspellings previously adjudicated at UDRP (here, “f…bo” and “insta”). The domains boucheriefacedeboeuf.com and zharfambook.com remain active, in use by a butcher and what appears to be a literacy site. While lincolnstainedglass.com no longer has any hosted content, at the time of review, a small stained glass company was using it for their business. Again, these are clearly fair use upon meaningful human review.
While each of these domains uses the full trademark (“Facebook” or “Instagram”), they nevertheless evince an indication that the domain is or will be used to discuss grievances with the company in question. Tucows takes no position on the merits of these discussions but notes that trademark use should not be used as a cudgel against speech.
The Tucows process for disclosing data remains aligned with industry best practices and we continue to be actively involved at ICANN both to closely align our processes with expected policy outcomes and to ensure that the rights of all individuals are respected in those policies. We look forward to continuing to share these statistics on a regular basis to contribute to broader industry understanding of the registration data disclosure landscape.
As of this month, our parent company, Tucows, has officially been in the domains business for 20 years. They introduced OpenSRS (Enom’s then-rival, now-sister company) in 2000, not long after Enom was born. Tucows lifers share a lot of nostalgia for this era; though Tucows has grown to become the largest wholesale registrar and ventured successfully into Fibre Internet and Mobile, a unique fondness for OpenSRS’ early years remains. So what made those early years so cool? Michael Goldstein, Director of Marketing at the time, laid it out for us:
I am intentionally googling none of my recollections about the early days of OpenSRS so they will almost certainly be romanticized, exaggerated or just plain wrong. A few themes jump out at me.
In a little corner of the world, Network Solutions was an evil empire. A government-sanctioned monopoly was getting fat and greedy and the product that they controlled (domain names) was quickly becoming more crucial to many millions more end-users around the globe. The channel (Web hosts, ISPs, IT consultants) was overcharged and underappreciated. We believed so strongly that these managed service providers (as we liked to call them at the time) knew the end users best and would take the best care of them if they just got the tools and pricing they needed.
It was fun to be a hero to that very narrow target. It was fun to offer a 70% price break from what Network Solutions was charging. It was fun to witness hypergrowth. In fact, you could argue that our unspoken tagline, “OpenSRS, we’re not Network Solutions!” was so successful, Tucows has really just imitated that same model and re-lived that sort of revolution again and again. Hover, we’re not GoDaddy! Ting, we’re not AT&T or Comcast!
When trends and forces are all delivering customers to your doorstep, it’s pretty easy to think you are clever. We ran magazine ads that said, “You can get a lesser product, lousy service and a bad attitude. But it’ll cost 3 times more.” (Oh, fun fact! Andy Berndt, the guy who wrote that ad for us as a freelance copywriter, is now in charge of all creative output at Google as founder and Managing Director of their internal Creative Lab. He also played Duke basketball for a season as a walk on.)
We built the .MOO top-level domain to demonstrate our registry management solution. I also personally gave away two cows at ISPCon in San Diego to celebrate our two-millionth (I think!) domain name registration. The prize was actually a choice between two cows, a year supply of milk or the cash equivalent. We bet heavily on the winner taking the cash.
I rented the cows from a nearby dairy farmer for just one hour and paraded them across the plaza outside the conference center to chants of Who Let The Cows Out! (If that reference isn’t immediately familiar to you, I’m not going to explain it.) If I remember right, we intended to also highlight the winning registered domain name in our promotional materials and media outreach but chose not to because it was pretty shockingly pornographic (like the thousand domains registered before and after it). Good times.
Everything we did was done to quickly solve a problem or seize an opportunity. We listened well. We hustled. But we never expected that we would be using the things we built twenty years later. We certainly never imagined that we would eventually acquire and integrate half the other challengers that launched at the same time we did. Now we’re all growneded up. We are building an integrated platform that can accommodate over 25 million domain names and over 40,000 managed service providers (or whatever we call them these days) around the world. We proudly offer a huge selection of TLDs, from .ABOGADO to .ZONE. We talk about scale and efficiency. We brainstorm and measure site usability. I think we ultimately do a better job for our customers today than we did back then. I don’t think we’ll ever be quite as cool .
Founded in 1999 by two students offering web-design services, Hostnet has grown into one of the largest and most customer-friendly hosting providers in the Netherlands. Today, they offer domain names, website hosting, a website builder, and other business services to a growing number of customers. Since 2000, they’ve used Tucows to power domain registrations and management for a large part of their business.
Here’s a snapshot of our conversation with Bas Schouten, Product Manager (Domains), Hostnet BV. We touch on Hostnet’s successful journey and how their partnership with Tucows (Enom’s parent company) has helped them create value for end-customers and capture growing business opportunities.
In the beginning, Hostnet was selling hosting and domain names from an attic. This was back in the days when customers placed their orders via fax. Needless to say, it involved a lot of manual work. A lot has changed over the years. For one thing, orders are no longer sent via fax, but via the Hostnet webshop. Requesting and registering a domain name is now automatic. But we’ve also expanded our product offering. In addition to hosting and domain names, we’ve added solutions such as email, Microsoft Office 365, and various other Managed Services.
In 20 years we have become one of the largest and most customer-friendly hosting providers in the Netherlands. During this time, we grew to a 50-person, then 100-person company. Along the way, there have been milestones in the number of registered domains and active hosting packages we have under management.
Hostnet has been a Tucows reseller since 2000—nearly 20 years. Tucows is our valued partner in areas such as domain registration and SSL certificates. By working together with Tucows, Hostnet has been able to offer registrations under multiple top-level domains (TLDs) since 2000. Tucows also helped us effectively expand our top-level domain offering when the new TLDs became available, starting in 2014.
With the right marketing, new top-level domains can be the biggest opportunity (growth rate wise) at this time, which is great. I think, in general, customers like new domains, although there are many new extensions that are just too long/niche to be actively used. The beauty of new extensions such as .SITE, .ONLINE and .TECH—all of which are popular in the Netherlands—is that domains in these zones are so valuable when the more traditional options (like .NL or .COM) are already taken. This has already begun to happen to a large extent.
I’d say .ONLINE and .SITE are quite popular in the Netherlands. In fact, .ONLINE is currently Hostnet’s best performing new domain extension and tops the charts in terms of sales volume and growth rate. I believe that .ONLINE is the largest new extension in the Netherlands.
With the eCommerce market booming, we are also seeing a good uptake for .STORE, with live websites from our customers growing consistently on this extension.
Other than that, .NL and .COM are well-known in this region.
We have made the most of Tucows’ promotions mostly by reducing the pricing to our customers for those TLDs, in some cases paired with marketing initiatives such as Social Media posts or mentions in newsletters. In addition, some registry partners, such as Radix, consistently put forth content that has helped us keep the offers fresh and exciting for our customers. These efforts, in most cases, contributed to a significant rise in sales.
My recommendations would definitely include .ONLINE, .STORE, .SITE, .SHOP and .APP. All of these are great TLDs. .ONLINE and .SITE are more generic, while the other three clearly state what they’re used for.
New extensions definitely offer a lot more options to choose from and allow people to register a domain that may be unavailable under the more conventional .NL and .COM TLDs. More importantly, new domain extensions are an opportunity to state more clearly what your website or product is all about.
I am most proud of the exceptional service we provide to our customers. We’re professionals who are reachable by phone, chat, and email most of the week and are committed to assisting our customers with any problem, as thoroughly as possible. Hostnet is definitely a customer-first business and that has significantly contributed to our growth and success over the last two decades.
This post was sponsored by Radix. Many of their TLDs, including the super popular .ONLINE, .STORE, and .TECH are on sale now through Enom. Learn more.