Bought a dropped .co.uk but Ionos are cybersquatting on the .uk

[Siusaidh]

Today I registered a .co.uk I very much want to develop. The previous owner had let it expire. I want to secure the .uk to protect my brand as part of a wider project. However... Ionos mass-registered 10's of thousands of .uk domains on June 6th, and the .uk I want was one of them. In previous conversations with Nominet, Ionos and Fasthosts I've been told they did these mass registrations to protect the .co.uk's brand from "cybersquatters".

Now I very much want to develop this name in the .uk as well as the .co.uk form, but I can't because, ironically, Ionos are now cybersquatting on it. I'm trying to escalate this as a test case, because nobody asked Ionos to register that name, and the previous .co.uk holder (who had 5 years if they wanted to reg the .uk) not only didn't want the .uk but as it turns out didn't want the .co.uk and let it expire.

It just seems wrong to me that Fasthosts and Ionos sit on (I have the whole file) over 100,000 domains, in breach of the original intention set out by Nominet - and both they and Nominet have claimed it is to protect from cybersquatters, yet the only people cybersquatting this .uk domain is Ionos/Fasthosts.

I've been speaking to Ionos this morning to escalate this issue.

It is hypocrisy not to release the domain.

 

[RobM]

Agreed. Let us know how this turns out.

 

[dee]

Good luck ! WIll be interesting to see what they do.Unfortunately it will probably be ' computer says no '

 

[Murray]

If you weren't the .co.uk registrant with the .uk rights at the time it was registered then I don't see them listening to any complaints

 

[Siusaidh]

Well... Stage 1... Phone call to Nominet Dispute Resolution Team.

My case: Even if the mass registrations were done with good intention to protect .co.uk registrants from cybersquatters, that good purpose ends when the .co.uk domain drops because there's nothing left there to protect, and therefore the .uk name should be deleted because the justification for renewing it in June no longer exists.

Response: These domains were registered in the name of the .co.uk registrant, so even if that registrant did not request it, only that registrant can consent to the .uk domain being deleted, and Nominet cannot contact that registrant because of GDPR. Also, Nominet have no way of knowing whether the .uk registration was initiated by the .co.uk registrant themselves, or by Ionos.

Outcome: My only option is to ask Ionos if they will contact the .uk registrant and ask them if they still want the domain.

I can see that this is a case I am unlikely to win, and Dispute Resolution was always going to be a non-starter. I still maintain, though, that Fasthosts/Ionos effectively cybersquatting on 100,000+ domains is abuse of process, if not technically, then certainly in spirit, when they don't release names that they know no longer defend the .co.uk because it's dropped.

You can't defend a domain that no longer exists.

 

[Siusaidh]

If you weren't the .co.uk registrant with the .uk rights at the time it was registered then I don't see them listening to any complaints

I totally agree! But it was so predictable that these two co-owned companies would end up sitting on 100,000 unrequested domains. In my opinion, Nominet offering free registration was like opening a door and allowing a gatecrasher to come in and trash their previously-stated policy.

I guess I will have to wait until next June when they've promised these 100,000+ domains will be released. It seems to me there is no good purpose or legitimate case in not deleting these 'hijacked' domains as soon as the name they are allegedly protecting (the .co.uk) drops. Even if the original intention is 'marketed' as benevolent - "to stop the cyberquatters" - that function ceases to be benevolent when there is no longer a .co.uk name to defend.

 

[RobM]

If you weren't the .co.uk registrant with the .uk rights at the time it was registered then I don't see them listening to any complaints

No but it would be interesting to see how they spin it. They were doing all the co.uk registrants a 'favour' by registering the uk for them all without their permission (or knowledge in many cases) to stop people cybersquatting - ie registering the domain with no development or usage plans solely with the intention of selling to someone else for a higher amount. They are now doing the same. So will they offer to sell it to Siusaidh at reg fee or will they let it drop. Anything except those two things is evidence of a bad faith registration as it was never their right to have the domain in the first place.
Did the domains they registered have autorenew set?

 

[Siusaidh]

Personally, I think these mass registrations were a stitch up. From Nominet's point of view it massages the registration figures. From the big Registrars' point of view, it extends the time they hold and hope to get renewals a year later, and also stops rival registrars getting the advantage and control. They claim they will release all these names next June and just let them expire. I hope that's true. My take is they have no grounds for retaining .uk versions of dropped .co.uk's right now. Involuntarily listing the Registrant as the Registrant is kind of abuse of process in my opinion. It pretends the Registrant was the Registrant. No. The Registrar was the Registrant. In most of these 100,000+ cases it was not an action requested or carried out by the original .co.uk registrant. They'd spent 5 years deciding not to register the .uk. And then, in growing numbers of cases like the one I've cited, they don't even want the .co.uk

When that becomes clear, and a de facto reality at the name's drop, I'd argue that there's no real active registrant at all, except the registrar companies who carved off so many names... to prevent cybersquatting!!!

 

[redbird]

They claim they will release all these names next June and just let them expire. I hope that's true.

I would have thought that must be what will happen as someone will have to pay the renewal fee and presumably the original co.uk owner isn't going to pay. This situation only exists because of them being free to register.

Interested to see how you get on.

 

[RobM]

Unless of course nominet decide to have another 'special offer' around that time because they don't suddenly want millions of domains dropping off their registry. Also if they are set to autorenew there will be a lot of people paying without realising. I've fallen foul of that a few times with other extensions. At least I actually *chose* to register them in the first place though.

 

[redbird]

@RobM I wonder what the legalities are in the situation where something you have never authorised to be "purchased" in the first place is set to auto renew that certainly has never been authorised.

Being charged for anything you have not ordered can't be legit and I don't think the argument that "you had chance to cancel" would be valid in my opinion

 

[Siusaidh]

The issue of autorenewal is obviously important. It may be that Fasthosts/Ionos have already switched off autorenew for all these domains. I have yet to find that out. Very clearly in Fasthosts General Terms *which the registrant is required to tick and agree to prior to registration* it states: "Unless otherwise specified, services are provided for a minimum contract term of 12 months and unless cancelled in accordance with Clause 6, will automatically be renewed for further periods." (General Terms and Conditions 3.1)

 

[Siusaidh]

I have two other questions.

1. Is it allowed to Register in someone else's name, if you have not asked them, and they have not agreed?

(For example, can I randomly register a domain name in Rob M's name?)

And let's say it is...

2. How can the designated Registrant tick and agree to the terms and conditions attached to registration, as Nominet requires, and as set out for example by Fasthosts (for example in the 'Acceptable Use' section 8 of General Terms and Conditions) or the Terms of Service that registrants are required to agree to prior to registration?

In the case of 100,000+ domains mass-registered by Fasthosts/Ionos... if the 'Registrant' has not agreed to the Terms of Service, and the conditions for acceptable use that Nominet requires... then is that acceptable practice?

 

[super-whois]

One of the requirements of a DRS is to prove that the registration is abusive... that doesn't seem to be difficult in the case of .uk RoR domains registered "on behalf of" the rights holder. Of course, proving you have a right to the name is something else. Maybe this needs a carefully worded DRS, the first step of course is Mediation, it would be interesting to see if Fasthosts/Ionos, did this bulk registration in their own name...

 

[Siusaidh]

Apparently the .uk names were all registered in the names of the .co.uk registrants.

That's why I'm asking how those registrants agreed to comply with the terms and conditions of the registration: as Fasthosts are required to make sure they agree prior to registration: "we have a duty to ensure that all customers using our services comply with the UK Registrar agreement (to which we are bound as a UK Registrar)" (Fasthosts).

For example, Nominet requires a Registrar to: "

Make registrants aware of your contract with them before the contract is made and before renewal, and make registrants aware of any changes to key terms in your contract"

https://registrars.nominet.uk/uk-namespace/registrar-agreement/registrar-obligations

How can you do that, if you are registering a domain in someone else's name, and they haven't asked you to, and you as a Registrar go ahead and register without complying with Nominet's requirement that the designated Registrant consents to the contract and terms BEFORE the contract is made?

100,000+ domains have been registered without the designated Registrant agreeing to the terms. That contradicts Nominet's requirements, doesn't it?

 

[Siusaidh]

Also, aren't there crime and cybersecurity and acceptable use issues involved where a registrant hasn't taken responsibility to comply with Nominet's terms and conditions, and acceptable use? Surely Nominet's terms and conditions are there for a reason, and if the registrant hasn't agreed to the terms and conditions in advance (*as required by Nominet*), shouldn't that registration be suspended or declared null and void?

Not that I think that will happen...

In my opinion, at the very least, all designated 'Registrants' should be emailed and told they must agree to the terms, and confirm they want the domain name, and if they don't reply within 30 days, then Nominet should delete the name as it clearly doesn't comply with their terms.

We are talking about 100,000 zombie domains and 100,000 designated so-called 'Registrants' who haven't been registrants at all. And these domains include many popular and high demand domain names which could be developed and put to good use, if they had been returned them to public availability after the 5 year period.

 

[bulkcorn]

Why don't you make an offer to them on the name you want? The only reason they mass-regged was to make profit off those names.

 

[Siusaidh]

What I want most of all is proper process, respected and upheld. What I hate about the domain industry is when it lapses into 'laissez-faire'. I've seen that with ICANN. I don't want it here in the UK. There's a mindset in some parts of the domains industry that seems to say: 'this is the internet, anything goes, wildwest rules'.

I see the internet as a huge potential good, and the DNS is a key part of that fabric. The DNS needs to be administered with scrutiny, and ought to be accountable to internet users too. Protocols matter. They should not just be overridden. The protocol for the .uk roll out was clear: 5 years RoR then release of all names to the public. Offering a 'free registration' window and allowing large registrars to mass-register names for a 5th year transgresses the spirit and defined intention of the policy that was presented (in my opinion).

The UK's DNS is too important to be run simply as a private enterprise. Industries, charities, individuals, hospitals depend on it. So it needs to be run with transparency and reasonable accountability. All Board Meeting and Committee Meeting minutes should be published and available. If it's good enough for Hansard and Parliament, it should be good enough for the DNS. There ought to be a Users' group embedded in the running of the domain system, and - to avoid the incestuous relationship we've seen between ICANN and big registrars - Nominet should be run with a balance of interests, and should avoid at all costs handing too much power and influence to big registrars.

Because the DNS is a public commodity that exists for the benefit of the whole UK public, the running of the DNS should be accountable and reporting to the public's representatives.

What I worry about here, in the case at the heart of this thread, is that clear policy intentions have not been enforced - instead of the promise to release all names after the very generous 5 year period, the conditions are created (free domains) for 100,000+ domains to be hijacked by big registrars, who register them without prior consent to unwitting individuals, and furthermore seem to me to break Nominet's own Terms and Conditions for Registrars by not seeking PRIOR consent to all terms and responsibilities BEFORE registering the domains. What is more, this mass-registration clearly extended the 5 year period to a 6 year period, for whatever reason. And when Nominet and the large registrars involved are challenged, they claim they are doing it to defend the names from cybersquatters. When original .co.uk names drop, so there's nothing to defend, they don't release the names to the public but effectively become cybersquatters themselves, because the only real justification for extending the 5 year period of the policy to 6 years ceases to exist at the moment a .co.uk drops.

This is not tight administration of the namespace. Some would argue that it uses 'laissez-faire' and looseness to open the door to benefits to the Registry (increased registration figures) and benefits to the true 'Registrants' (the Registrars) of the zombie .uk domains. These are all just my views, and I'm open to other interpretations, but I worry that the UK's namespace seems to be open to arrangements like this:

Registration in someone's name without their permission.

Retention of domains beyond the 5 year period stipulated.

Registration without prior consent on a mass scale (over 100,000 domains).

Registration without prior acceptance and consent to the terms and conditions.

Which in turn fails to meet a stipulated Nominet rule for Registrars.

Retention of these zombie domains, even after the .co.uk versions they are allegedly defending no longer even exist.

The question - which some but not all registrars have responded to - about auto renewal of these zombie .uk domains, which the attributed 'Registrant' never asked for, but which may yet (in some cases) be auto-renewed next June, at cost to the person who never asked for any domain to be registered to them in the first place.

 

[RobM]

Somewhere though you have got the wrong impression about nominet. They can, and will, do exactly what they want. As nobody, it seems, can change that you either have to get used to dealing with them or not join in the UK domain market. Yes they have been given a monopoly. Yes they abuse it mercilessly for their own financial gain. And?
Do we see letters to MPs? Do we see court cases? Do we see any actual challenges? Do we see investigations into their links with registrars or direct beneficiaries of the money they funnel out? Of course not.
There is a reason big registrars can get away with exactly what they do.

 

[dee]

Response: These domains were registered in the name of the .co.uk registrant, so even if that registrant did not request it, only that registrant can consent to the .uk domain being deleted, and Nominet cannot contact that registrant because of GDPR. Also, Nominet have no way of knowing whether the .uk registration was initiated by the .co.uk registrant themselves, or by Ionos.

Surely this is a contradiction. The whole purpose of the ROR period was to give current .co.uk owners the chance to reg the uk. All registrars contacted the co.uk owners at numerous stages throughout this period explaining the options. They had EXCLUSIVE rights to the uk. The registrar did not. By saying they are 'protecting' the co.uk owners they are registering domain without the rights. They said it ;

"These domains were registered in the name of the .co.uk registrant, so even if that registrant did not request it, "

That sentence alone goes against the express rules of the ROR period doesn't it ?