<

p>In Monday's article — Elliot covered a lot of ground in his list of things you should know about when picking a domain name registrar. In this series of articles, I'll expand on what he wrote and explain some of the finer points of domain names that you might not be aware of.

Registrants, Registries, Registrars and Resellers

The last question in Elliot's list was Are you a registrar or a reseller? If these terms, along with registry and registrant are unfamiliar to you, read on — I'm going to explain what each one means.

Let me begin with the diagram below. It provides a brief description of each of these terms…

• Registrant
• Registry
• Registrar
• Reseller

…and also illustrates the relationships among them. I'll explain each of these terms in greater detail after the diagram:

Registrant

The registrant is the easiest one to explain. The registrant for a domain name is the person or organization who registered and owns the domain name. If you've ever registered a domain name, you're its registrant.

Registry

Before I can talk about registries, I need to talk about top-level domains first. A top-level domain — often shortened to TLD — is the last part of any domain name. You're probably familiar with the generic TLDs .com, .org and .net and country code TLDs such as .ca, .de, .eu and .jp.

Each top-level domain is managed by an organization called a registry, which is responsible for:

• Managing the domain names within its assigned top-level domain.
• Maintaining the WHOIS database for that domain, which stores information on each domain name in the top-level domain, such as the domain's registrant, registrar and expiry date.
• Maintaining the root servers for that top-level domain, which act as an “address book” for all nameservers responsible for the top-level domain. I'll cover root servers and other parts of the domain name system in a later article.

Registrar

In order to keep the domain name system working and stable, only organizations accredited by ICANN (the Internet Corporation for Assigned Names and Numbers, one of whose jobs is to manage the assignment of domain names and IP addresses) can register domain names. If you're curious about what sort of process an organization has to go through to become an accredited registrar, ICANN has a page that describes it in detail.

There are a few hundred ICANN-accredited registrars worldwide; Tucows is just of them. One way for you to register a domain name is to select one of these registrars, who will electronically make the appropriate arrangements with the registry and activate your domain name.

There's another way for you to register a domain name: through a reseller.

Reseller

In the previous section, I mentioned that Tucows is a registrar. However, we're a little unusual. We don't directly register domain names on behalf of registrants. Instead, we sell our capability to register domain names to other companies, who then resell this capability to registrants. Hence the name reseller.

You're probably wondering why you'd want to go through a reseller rather than a registrar. Two very important reasons are:

1. Most of the time, you don't buy just a domain name by itself. You also buy services that the domain name points to, such as a website, a blog, email mailboxes and so on. A good reseller will often offer package deals or bundles comprising what they feel are the best services, just as a good retail store will carry a selection of what they feel are the best brands.
2. Customer service. By reselling our domain name registration service, a reseller can spend less time worrying about the technical and regulatory issues that registrars face and spend more time on what's really important: their customers.

One thing to keep in mind when registering domain names through a reseller: they're bound by the policies of the registrar whose services they resell. Make sure you know which registrar your reseller uses and what their domain name policies are.

By Elliot Noss, President & CEO, Tucows

The outcry over RegisterFly has generated a lot of discussion about the regulation and oversight of registrars. (A domain name registrar is a company accredited by the Internet Corporation for Assigned Names and Numbers (ICANN) to register Internet domain names. Tucows is an accredited registrar.) In our view, much of the furor and finger pointing is missing the point. The interests of the businesses and individuals who buy domain names have been lost in this debate. There are a whole raft of existing rules and policies, defined by ICANN, that govern how the domain name registration system should work. The problem is that the people who buy domain names (formally known as registrants) are not familiar with the rules and do not know how to help themselves.

The bad news in this is that fixing how registrars are regulated and, more importantly, how the existing rules are enforced, will take some more work, especially on the part of ICANN. In the meantime, registrants need to change the way they think about who supplies them Internet services. They will need to stop focusing on price and start focusing on customer service, the services offered and increase their awareness of the rights that the existing rules give them.

Domain names are valuable intangible assets and are central to a registrant's use of the Internet. We wanted to try and help folks out by providing a set of guidelines that are intended to help registrants make good decisions for themselves. This guide is not intended to be exhaustive, but is written as if a close friend has asked us for advice. Here are the 10 questions everyone should ask a registrar before buying a domain name from them. We don’t expect registrants to necessarily dig in to all of them, but it is a place to start.

1. What is your primary business model?

This is an interesting one and needs a bit of context to explain. All major registrars used to earn money in a very similar way. They were mostly in the business of selling retail Internet services. A few, Tucows included, provided mostly wholesale Internet services to Web hosting companies and ISPs. Over time, some started to specialize in catering to large corporations who registered domains in many different countries and to other, narrower, segments. With the massive growth in direct navigation (when Internet users type their desired destination directly into the browser address bar) and the secondary market (domain owners buying and selling domains directly) things have changed. Many registrars now make more money from ads on domains in their portfolios, auctioning names and selling names in this secondary market than they do from registration fees for new domain names. Some make much more from those sources.

That is not bad in and of itself, but it might influence how they implement services like a redemption grace period.

Recommendation: Understand what business your registrar is in, and also understand who owns them and what business they are in.

2. Do you make transfers as easy as the rules allow?

Domain name portability (or “registrar transfers”) has been a source of contention in the domain registration industry from the onset of competition. For years large incumbents, at the time primarily Network Solutions the old monopoly, made it difficult for registrants to transfer their registrations to competing registrars. Since 1999, Tucows has spent thousands of people hours in both customer service and at a policy level to effect change. As a result, domain name transfer policy is now much more proscribed, much more predictable and much easier to effect.

Unfortunately, some registrars still make transferring a domain difficult. An example would be by requiring 60 days following a change of ANY contact data before a transfer can be made (another is discussed in 3 below). Thus, if you want to move to a new registrar and need to change the administrative contact email address in order to approve the transfer and do it 55 days before expiry you will not be allowed to transfer for an additional 60 days. Of course at that point your domain expired five days ago and you are at the mercy of the registrars grace period policy which often does not allow transfers only renewal of names.

Policies like this have the effect of confusing registrants and in some cases even result in people losing their names (especially if combined with short grace periods and quick triggers for auctions).

As a customer, I tend to look favorably on companies who make it easy to change services. I take that as having confidence in their ability to keep me as a customer on merit alone.

Recommendation: Understand all the rules and restrictions concerning transfers that your registrar employs. If you find them too restrictive perhaps it is a sign to keep shopping for another registrar.

3. Do you allow for easy locking/unlocking?

Domain names can be locked to ensure no changes are made to either the contact information or to the settings. This is a useful feature, however many registrars have used the locking function as a form of lock-in! They do this by locking ALL names and making the ability to unlock obscure and/or difficult. If combined with long customer service queues, limited documentation, and poor email support a domain locked by a registrar can have the effect of making changes and transfers nearly impossible.

Recommendation: Make sure you know whether your registrar locks names and if they do, how to unlock them.

4. Do you make it easy to opt-out of auto-renewals?

Auto-renew can be very useful. Well-intended registrars provide auto-renew functionality to give registrants peace-of-mind. Just “set it and forget it”. This works when the registrant is in control.

However, some registrars set all their accounts to auto-renew by default. In certain situations like monthly billing, this may be the right choice for a registrant. The problem with auto-renew comes when you don't want to renew the domain name or you want to change registrars or when it is set too early in the renewal process.

Recommendation: Find out if your registrar offers auto-renew, what their default setting is, and how to change it if you want.

5. Do you tie domains to your services?

Some registrars use domain names as a loss leader to upsell other services. There’s nothing wrong with that as long as you can easily change any and all relevant information to what you want it to be. If you want to change where your nameservers point you should be able to change them. If you want to re-point the mx record controlling your email, you should be able to.

Most importantly, does the Registrar let you change the contact information on your whois record to whatever you want? With the exception of possibly the technical contact there is no excuse for not letting you change the information on record to whatever you choose. And remember, in many respects the administrative contact is the most important contact in the mix. Make sure you set it to who you want it to be.

Historically, many web hosting companies and ISPs set all the contact information to their own and handled all of the administration for generally confused registrants. Many still do and overwhelmingly they do so appropriately. Others, however, do not.

Recommendation: Ask about and understand any restrictions on changing contact information.

6. Do you offer Whois privacy? What are your privacy policies in general?

Whois privacy is much discussed with the whole RegisterFly mess. Whois privacy is a service offered by registrars who act as an intermediary to protect the personal information required when registering a domain. And it is generally a good service some registrants will want to use. Does your registrar offer it? If they do, how much do they charge? Many registrars charge more for whois privacy than they charge for the domain name registration itself.

What are their privacy policies, and perhaps more importantly, what is their practice when enquiries are made? Registrars diverge wildly in how they treat incoming requests for information or complaints.

Recommendation: Understand what both the policies and the practices of your registrar are with respect to whois privacy and privacy policy in general.

7. What are your policies on compliance issues like litigation, ownership disputes and WDRP?

There are a number of compliance issues that can effect domain names. Does your registrar have a dedicated compliance department? Will they inform you of a dispute? Will they help you understand what your rights and responsibilities are? Recent examples, have also called into light how registrars respond to court-orders and requests from law enforcement. The practices of registrars vary widely here and are central to your ownership.

Recommendation: Know your registrar’s policies and practices with respect to compliance issues and how you contact the compliance department.

8. How easy is it to contact you?

How easy is it to find the contact information for customer support? Many online businesses focus on making it easy to buy their services but MUCH more difficult to obtain support for them.

Recommendation: Try and find the contact email addresses and phone numbers BEFORE buying.

9. What happens when my domain expires?

Every registrar has a grace period after the actual expiry of a domain name. The timing of when names “drop” is extremely important in figuring out how much room you have to make mistakes. It used to be that almost every registrar offered a 40-45 day grace period and after that an ICANN-mandated 30-day Redemption Grace Period (”RGP”). During RGP the name was more expensive to redeem (usually $100-150) and could only be redeemed by the registrant, but at least you could still get it back.

With the growth in what’s called the domain name aftermarket this has changed significantly. Fewer and fewer domain names are “dropping” or becoming available for re-registration on the open market. These days, grace periods have shortened for many registrars and what happens during this period has changed. Virtually every major registrar now either auctions names when they expire or takes the names they want from the pool of expiring names for their own portfolio (or some combination of both). The important thing to understand is how registrars do it and when do they do it.

Recommendation: Find a registrar that provides at least a 40 day grace period and that respects an actual or implied RGP for 30 days after that. In other words, you should not irrevocably lose your name for at least 70 days after the expiry date.

10. Are you a registrar or reseller?

This is often misunderstood. A registrar has been accredited by ICANN. Resellers purchase domain names from registrars for their customers.

In our view, dealing with a reseller is often preferable to dealing with a registrar directly, especially if you are buying a bundle of services like email or a web hosting package and even if you are just buying a domain name for use with services at a later date. By the way, any small business or individual will be buying a domain name to use on some level with other Internet services making the distinction between reseller and registrar somewhat artificial. What you really need to look for is a quality supplier of Internet services that you can trust and who helps make using Internet services easier.

Recommendation: If using a domain name reseller, simply make sure that you understand all of the above policies as provided by the registrar with whom they choose to do business.

Summary

The domain name business continues to change. Despite evolving business models, we believe registrant rights deserve to be front and center.

Our suggestions:

• Make sure you know how domain expirations work. Getting a domain back after it has expired is increasingly difficult and costly.
• Know how to lock and unlock your domain so you can make changes if needed. Also take a look at transfer policies, and make sure they are reasonable and easy to understand.
• Before you hand over your credit card, understand how a registrar’s auto-renew works. You should be able to stop an auto-renewal if you don’t want to hold on to a domain name.
• Make sure you’re working with a reputable registrar or reseller who is in the primary business of providing services to businesses or consumers. Make sure you can find their contact information and privacy and compliance policies.
• Ask people you trust who they use to register domain names and find out if they have ever had to have the supplier help them with problems. Often, “I use xyz and have never had a problem”, means just that, they have never had to DEAL with a problem. It is when problems arise that the difference between a good and bad supplier becomes clear.

By doing your research you may be able to protect a valuable asset - your domain name.

As this article illustrates, there is a lot of interest brewing around ICANN’s proposed Whois privacy policies. I suspect that a lot of this interest is due to the fact that the intellectual property community can see the end of their free ride and they are really turning up their efforts in a last ditch attempt to overturn ICANN’s progress.

For as long as the Whois system has been around, they’ve been able to look up your personal contact data and churn out demand letters and other nasty legal notices on demand. The problem with this behavior is that the system was designed to support this type of activity, nor should this type of activity be continued at the expense of the privacy rights of the majority of internet users. The intellectual property lobby pays *nothing* for the ongoing support or maintenance of this sytem, yet they put incredible demands on it. I have actually asked them who should pay for change to the Whois system necessary to support their demands and they’ve said point blank that the most equitable way would be to tax all domain registrations!

I spoke with Nick Jesdanun of Associated Press yesterday about the whois policy recommendations that were recently put forward, and he’s written a typically great article about the general issues surrounding whois and whois data privacy.

Many owners of Internet addresses face this quandary: Provide your real contact information when you register a domain name and subject yourself to junk or harassment. Or enter fake data and risk losing it outright.

Help may be on the way as a key task force last week endorsed a proposal that would give more privacy options to small businesses, individuals with personal Web sites and other domain name owners.

– Nick Jesdanun, Associated Press

I would have liked to have seen the article include a slight bit mroe detail around some of the reactions coming from outside of North America. Hollywood’s lobby is pretty strong on this side of the pond, but that hasn’t stopped heavyweights like the European Union from weighing in on the issue on the side of privacy [PDF].

After years of debate, ICANN is moving towards adopting policy recommendations that will reform the gTLD whois system and allow registrants a greater degree of privacy, certainty of ownership and control over their internet identity.

Law.com has a decent write up on the whois issue, albeit with a decidedly pro-intellectual property slant.

An organization that polices the domain name system is likely to decide this year — after several years of debate — to adopt a new policy that would let Web site owners keep most of their contact information confidential when they register for a name. Instead, they would be allowed to list a separate go-between point of contact.

The basic issue at stake is whether or not intellectual property lawyers should continue to have unfettered access to your customer data or not. The usual suspects - the RIAA, MPAA and curiously, internet heavyweights like Microsoft and Yahoo! say yes, definitely. Naturally, Tucows came out on the side of the customer and held the line to ensure that basic personal privacy rights are respected as far as domain registration data goes.

The upcoming ICANN meeting in Lisbon will certainly see more discussion on these issues, but the recent closure of the Whois Task Force is a great step in the right direction.

Tucows has been at the forefront of this issue since the beginning, we'll definitely keep you informed as it progresses.

As I write this, it's March 14th at 1:59 p.m., which can also be written as 3-14 1:59. In other words, it's time for π! Happy π Day!

To celebrate, an anonymous π provider left these in the Tucows lunchroom:

From left to right: cherry, apple and blueberry π.

Thanks, anonymous π provider!

Recommended Reading

The number π is the Kevin Bacon of mathematics, appearing unexpectedly in all sorts of branches of math beyond figuring out the circumference and area of a circle. To find out more about π, see:

• The π day site
  
• The Wikipedia entry
• The π Pages
• The “Ask Dr. Math” page on π
• A history of π
• The YTMND site

Last week, our very own Director of Product Management, Kim Phelan, co-led a discussion at last week's Toronto Product Management Association meeting with Michael Kolm, President of The Outsourcing Lab. Blogger Chris Gurney attended this meeting and wrote up a summary of what happened in an article titled Both Sides of the RFP/RFI Process:

At last week’s Toronto Product Management Association meeting, I had the pleasure of being involved in a discussion about both perspectives on this process: the fulfillment side and the creation side. Leading the forum were  Kim Phelan, Director, Product Management, for Tucows, and  Michael Kolm, President of The Outsourcing Lab. The room full of product managers represented the fulfillment side of the process, though the questions and the direction of the conversation tended towards the buyer’s perspective.

Tucows, whom you may remember as a leading software download site, now sells web domains (through its Domain Direct service), web hosting, web publishing solutions, spam protection, and other services. In order to fulfill the creation of these products, Tucows works with multiple 3rd-party vendors. Locating the appropriate vendors is typically accomplished through an RFP process.

Well done, Kim!

Here at Tucows, we’re mindful of the astounding leaps and bounds that the Ruby programming language had made in the past few years. When I started here in July 2003, Ruby was an obscure programming language and our programmers’ decision to code Blogware (the blogging platform for this blog) in Ruby was considered dubious by many. Thanks largely to the Ruby on Rails web development framework and also to the strength and friendliness of the Ruby development community, Ruby has been adopted by many programmers — many of whom are Java “defectors” — as their favorite new language (new to them, not new to the world; Ruby debuted in 1993).

Mike Bowler of Gargoyle Software was kind enough to share a simple snippet of code with us. It’s a transliteration of the example code provided in the XML Over HTTPS Post documentation [176K PDF] into Ruby.

Here’s his code being used to send a LOOKUP DOMAIN command for the domain example.com to the Horizon test server. The server response is simply printed onscreen:

require 'net/http'require 'net/https'require 'digest/md5'

srs_host = 'horizon.opensrs.net'srs_port = 55443srs_user_name = 'YOUR USER NAME GOES HERE'srs_private_key =    'YOUR PRIVATE KEY GOES HERE'

requestXml = <<-END<?xml version="1.0" encoding="UTF-8" standalone='yes'?><!DOCTYPE OPS_envelope SYSTEM 'ops.dtd'><OPS_envelope> <header>   <version>0.9</version> </header> <body>   <data_block>     <dt_assoc>       <item key="protocol">XCP</item>       <item key="action">LOOKUP</item>       <item key="object">DOMAIN</item>       <item key="attributes">         <dt_assoc>           <item key="domain">example.com</item>         </dt_assoc>       </item>     </dt_assoc>   </data_block> </body></OPS_envelope>END

digest = Digest::MD5.hexdigest(Digest::MD5.hexdigest(requestXml+srs_private_key)+srs_private_key)

http = Net::HTTP.new srs_host, srs_portdoc = nil

begin  http.use_ssl = true  req = Net::HTTP::Post.new('/')  req['Content-Type'] = ‘text/xml’  req['X-Username'] = srs_user_name  req['X-Signature'] = digest  req['Content-Length'] = requestXml.size.to_s

  response = http.request(req, requestXml)  puts response

ensure  http.finish if http.started?

end

It’s simple enough, but I hope to make this the basis for a Ruby library — perhaps a Rails plugin or helper — for accessing Tucows’ APIs.

Please note that this is not official code – it’s something that a partner wrote and kindly shared with us to share with you. It comes with no guarantees. Support won’t be able to help you, and I’m just figuring it out myself. I will be posting more articles about it, and if you have any comments, questions or suggestions, let me know in the comments for the article or drop me a line!

Our thanks to Mike for sharing his code with us!

In a former life, I did a lot of work in Visual Studio — writing custom apps in Visual Basic at datapanik, a partnership with my friend Adam Smith, then in VB and C++ at OpenCola during the bubble, then in C# in the early 2000’s. However, between having written only desktop apps and not having worked with newer versions, web app development in Visual Studio is completely unfamiliar turf for me. I’m picking it up slowly, but with my commitments and schedule, it might take a while.

Luckily, a stand-up guy named Bryan Costanich stepped up to the plate and, with a little consultation with me and the folks in tech support, put together the basis for an XCP/TPP client written in C#/.NET. He showed me a site written in C# that mimicked much of the functionality of the Tucows Reseller Web Interface (RWI) and it ran quite quickly — like snakes on ice.

I need to set aside some time to go through his code so I can write some docs and example code, but in the meantime, I’m posting the code here. If you’re familiar with Visual Studio, ASP.NET development and C#, you should be able to figure things out. If not, I’m working on the docs.

He gave me these two zip files:

• Tucows .NET Client [173K]
• Tucows .NET Client Test [128K]

Please note that this is not official code – it’s something that a partner wrote and kindly shared with us to share with you. It comes with no guarantees. Support won’t be able to help you, and I’m just figuring it out myself. I will be posting more articles about it, and if you have any comments, questions or suggestions, let me know in the comments for the article or drop me a line!

I’d like to thank Bryan for sharing his code with us. Without his generosity, I’d have way more work to do.

Speaking of domain name statistics, here's an interesting one: the .mobi registry is reporting that since its launch in October 2006, 400,000 .mobi domain names have been registered.

The press release has a boast-by-comparison: it states that in the first ten years of its life, the .com domain saw only 100,000 domains registered. Keep in mind that the ten-year span of which they speak is the period from 1985 to 1995. To give some perspective: this timeline of computer history says that in 1986, one year after the creation of the .com TLD, there were 30 million computers in use — and there was no ISP industry back then. Now consider the size of the mobile phone platform before .mobi months before the availability of .mobi: this article from May 2006 says that the worldwide total of mobile phone subscribers was 1.8 billion. That's a platform three orders of magnitude larger.

There are some interesting domain name statistics contained within the latest edition of Verisign's quarterly Domain Name Industry Brief [808KB PDF]. I've taken some of the numbers contained within and turned them into graphs, which are shown below:

If you think that people have stopped registering new domain names, think again. At the end of 2003, there were just shy of 60 million domain names registered. By the end of 2006, that number had doubled to 120 million:

A shade more than 3 in 4 names are being renewed; in the last quarter of 2006, the renewal rate was 77%:

Verisign did an analysis of about 67 million .com and .net domains to see what web sites “lived” on them. If sites with multiple web pages are to be considered “live”,

• 63% had “live” sites”
• 23% had “parked” (or were single-page sites)
• 14% had no site at all

There was a big jump in international character domain names — from the end of 2005 to the end of 2006, their number increased by 89%, a near doubling:

For more information, download the Domain Name Industry Brief.