MENU
  • Enom.com
  • Resellers

Enom Blog

Announcement
Category

  • Our Ongoing Commitment to Combatting DNS Abuse

    October 18, 2019

    Announcement, Featured, News

     Like

    Views: 566

    Abuse is a significant problem on the Internet today and, as a provider of Internet infrastructure services, we constantly consider what role we should play in combatting this issue. We actively investigate and respond to reports of abuse, but like other registrars and registries, we’ve been alone in developing our approach—until now.

    Abuse has been a growing topic of conversation in our industry. Today, several major registrars and registries released a DNS Abuse Framework defining what types of abuse to the domain name system (DNS) we are the appropriate parties to take action on. It’s our hope that this commitment by DNS providers to address abuse on our platforms will help establish industry-wide standards that both protect free speech and ensure that the Internet remains free and open while keeping malicious online activity in check. 

    What is DNS Abuse? On the surface that should be easy to answer: it’s abusive use of the domain name system. But as you get into the details, there are often more questions than answers. Who decides what is abusive? Who should respond when it happens? As a domain name registrar, our obligations are spelled out in the Registrar Accreditation Agreement (RAA), but although we must “take reasonable and prompt steps to investigate and respond appropriately to any reports of abuse,” (RAA 3.18.1) the RAA doesn’t provide a specific definition either of abuse or of what steps are reasonable.

    For some registries, Specification 11 of their respective Registry Agreements provides more assistance, referring to specific types of behavior as security threats: pharming, phishing, malware, and botnets. Until now, however, there has not been a consistent, common understanding of how to define abuse, meaning we haven’t been able to come to an agreement on who should respond when it happens.

    This new DNS Abuse Framework proposes a shared definition of DNS abuse, relying on the Internet & Jurisdiction Policy Network’s definitions of the four behaviors listed in the Registry Agreement plus spam (but only when spam email is used as a delivery mechanism for another type of abuse, such as malware). This Framework also considers additional types of abuse that DNS providers should respond to—even if we are not required to do so under our respective contracts. Reaching a common agreement about what constitutes DNS abuse is a crucial component of any industry-wide efforts to mitigate that abuse. 

    We encourage all Enom resellers to read through the Framework and become familiar with these types of abuse. To help, here’s a summary.

    Malware is software that is installed on a device, such as a computer or smartphone, without the owner’s consent and for malicious purposes (that’s where the “mal” comes from). This includes things like viruses or spyware.

    Botnets are networks of malware-infected computers, controlled remotely.

    Phishing is the term for a fraudulent or copycat email that tricks users into thinking it’s legitimate in order to obtain personal data or financial information such as credit card numbers.

    Pharming is the use of DNS redirection to bring Internet users to a different website than the one they intended to visit, in order to obtain personal data or financial information or install malware.

    Spam is unsolicited email; it is included in our definition of DNS abuse when it’s used as part of the delivery method for these other types of abuse, such as malware or phishing.

    As one of the collaborators of and signatories to this Framework, the Tucows family of registrars is committed to taking action when our services are used for these malicious purposes. As a community of stakeholders all seeking to provide safe and reliable Internet services, we’ve come together to find the most effective and appropriate means to mitigate these significant concerns. Since rules vary from jurisdiction to jurisdiction and there is no single global standard, we hope that this Framework helps to provide one. Having a consistent, industry-wide approach will help make responding to abuse faster and more successful, and this Framework can help those who encounter abuse online to know where to best direct their concerns so they’ll be addressed promptly.

    Read More

  • We’ve refreshed our Webmail

    June 19, 2019

    Announcement, Featured, News, Resellers, Uncategorized

     Like

    Views: 1560

    As our Custom Email service grows, we’re working to continually improve the platform while maintaining high availability.

    One essential component of our email solution is our Webmail, which is both used by Enom’s direct customers and included in the email service our reseller partners can package as part of their own lineup.

    So, we’re excited to share that we’re launching a new Webmail! Starting today, users can preview the new Webmail to get familiar with the refreshed interface before its official launch on September 5, 2019.

    What’s new?

    The new Webmail will provide a better email experience. You’ll notice improved workflows and a clean, mobile-responsive interface that makes it easier to send emails, manage contacts, organize important events, and more.

    It’s important to note that the transition to the new Webmail will NOT impact contacts lists, settings, or any other existing mailbox data. The various functionalities and features of Webmail will remain, but their look, location, and how users interact with them, will change.

    What Custom Email users need to know

    On your Webmail login screen, you’ll now find an option to “Use the Webmail Interface Preview.” Simply toggle this on and log in to use the new Webmail interface. If you have any trouble, check out our Webmail Cheat Sheet.

    Over the next few months, we encourage you to get familiar with the refreshed interface. On Sept. 5, 2019, the new Webmail will become the default experience for all users—our old Webmail will be retired.

    We’d love to hear your thoughts on the new Webmail, particularly during this “Preview” period. You’ll find a Feedback option in the sidebar menu of the new interface.

    What resellers need to know

    If you already sell Custom Email…

    The new interface offers an intuitive user experience and will NOT impact your customers’ mailbox data or your own settings or integration. That being said, there are a couple of things we recommend you do to prepare for this change:

      Update your support and marketing resources

    We’ve created a number of resources to help you out. On our Webmail Landing Page, you’ll find everything from reusable communication templates to detailed end-user guides—repurpose these materials as you see fit.

      Let your customers know about the new Webmail

    They’ll now find a “Use the Webmail Interface Preview” toggle option on their Webmail login page. Our White-Label Messaging templates can help you with your communication efforts.

      Make note of the launch timelines

    Today: your users can preview the new Webmail to get familiar with the refreshed interface.

    Sept. 5, 2019: the new Webmail will become the default experience for all users—our old Webmail will be retired.

      Let us know what you think!

    Between now and Sept. 5, our new Webmail’s official launch date, we’ll be collecting feedback to help us improve the interface. Share your thoughts

     

    If you don’t currently sell Custom Email…

    Now is a great time to add email your lineup! Custom Email has all the standard features your customers want, but it costs a lot less than other solutions on the market.

    It offers you the potential to boost revenue and customer loyalty while avoiding the resource and infrastructure costs associated with hosting your own email service. We also make migration easy.

    Want to learn more? Contact our sales team today.

    Read More

  • ICANN Updates: EPDP Phase 1 Final Report

    April 3, 2019

    Announcement, GDPR, Industry Insight

     1

    Views: 1285

    woman looks over EPDP Phase 1 Final Report

    ICANN’s Expedited Policy Development Process (EPDP) team has issued their Phase 1 Final Report, marking the end of this stage of the project. The recommendations from this Report will become mandatory as of February 29, 2020, but contracted parties (registrars and registries) are permitted to implement them sooner. We’re still determining what specific changes we’ll need to make, but here’s an overview of the expected operational impacts that you should be aware of.

    Changes to which data elements are required for ICANN-regulated TLDs

    The EPDP team has recommended that:

    • the Admin contact no longer be used at all
    • the Tech contact be entirely optional and minimized: only name, phone number, and email address.

    Needless to say, we are pleased with this outcome. For months now, Tucows has argued against the continued mandatory collection of Admin and Tech contact data, as it violates the GDPR’s requirement for data minimization. We still allow our reseller partners to pass along these data sets, but we only use them if the registry specifically requires them; if they do not, we simply hold these data on our platform and do not share them with the registry or data escrow provider.

    How is OpenSRS handling this change?

    OpenSRS will need to delete the Admin contacts we hold for existing domains, unless it’s used for a TLD where the registry contractually requires an Admin contact. Before we delete any data, however, we’ll make sure that the registries have made the required changes on their side. This will ensure that no registrations fail at the registry level due to “missing data.” An additional point to consider is that some domains registered under the 2009 RAA rules do not have any associated Registrant contact info, because at the time the domain ownership information was stored in the Admin contact fields. We’ll ensure that the domain owner information is up to date before removing any of the Admin contact data.

    What should resellers do?

    We’re doing our best to minimize any work these changes could create for resellers. Right now, our suggestion is to audit which fields you currently list as mandatory in any signup and domain update forms that you provide to your customer base. You may need to make some adjustments and be ready to implement them once the recommendations outlined above are officially required. We’ll provide plenty of notice before implementing changes on our end.  

    Changes to which data are displayed in the public Whois

    The public Whois record will continue to be mostly redacted. However, the EPDP has recommended that registrars display the registrant state and country fields. We’ll soon begin work to reflect this change in the Whois data output for all domains under our accreditation.

    Special case: publishing registrant Organization Whois data

    In theory, the Organization field holds non-personal data, so displaying it in the public Whois should not be an issue. In reality, however, the Organization field frequently does contain personal data. For this reason, the EPDP team has recommended that the Organization field should be published, but only in a way that avoids the accidental exposure of personal data.

    So, how will this be accomplished?

    Registrars have been asked to contact all existing domain owners to confirm whether or not they want their Organization info published. If the registrant opts in, the registrar can then publish the Organization data. If the registrant does not opt into publication, or does not respond at all, the data in the Organization field can either be kept on file with the registrar but redacted from the public Whois, or deleted entirely.

    What should resellers do?

    For the long-term, the EPDP team recommends a more proactive approach where a “disclosure, disclaimer or confirmation” is presented to domain owners as they enter data into the Organization field. This notice would explain both options and give the registrant the opportunity to decide if they want this information published or not. If you collect data through an online sign-up form, you may want to consider how to incorporate this notice. We’re considering how to best implement this recommendation in a way that will be clear to domain owners and represent a minimal workload for our resellers.

    Changes to which domain name contact data are shared  

    Much of the heavy lifting here has been done. As part of our initial GDPR implementation last year, we did a full audit of our TLD offerings to determine which data elements should be shared with the registry by default, as required under our contract with the registry, and which should only be shared if the domain owner gives their explicit consent to do so.

    Over the next few months, we expect to receive updated contracts from all the ICANN-accredited registries we work with. Depending on what the various registry contracts include, we may make adjustments to our data processing framework. We could end up sharing more or less data by default for specific TLDs, and may stop the collection of some “optional” data elements.

    What should resellers do?

    These adjustments will not create any work for you, the reseller, but you should be aware that some of the TLD-specific data sharing settings will be adjusted. You can always refer to Tucows’ Data Use Information page for details about the legal basis for processing the data we collect for any TLD.

    Next steps

    Hopefully, this review has left you with a good sense of what to expect over the coming months. We’ll have more updates as the EPDP team begins Phase 2 (Standard Access Model, formally referred to as the “Unified Access Model”) and works through the Implementation Review Team (IRT) process, which will turn these Phase 1 recommendations into actual policy.

    Read More

  • Tucows acquires wholesale domain registrar Ascio Technologies

    March 19, 2019

    Announcement, Industry Insight

     Like

    Views: 9496

    Earlier this morning, our parent company, Tucows Inc. released some exciting news: we’ve officially acquired Ascio Technologies, another wholesale domain registrar that, like Enom, is dedicated to supporting a growing reseller network.

    Enom and our sister brands, OpenSRS and EPAG, are thrilled to welcome Ascio to the Tucows family. The venture further solidifies Tucows’ position as the leading global wholesale domain registrar and is a natural step in expanding what we believe to be the best reseller-focused domains business in the industry.

    The Ascio acquisition not only adds 1.8 million domains under management, but a thriving network of 500 resellers that fits squarely within Tucows’ core customer profile: ISPs, web hosting companies, and website builders. The move to acquire Ascio makes sense precisely because its business is so complementary to Enom’s. It will support Tucows’ efforts to scale and leverage synergies, while remaining focused on serving a specific customer base and investing in a platform and services that benefit resellers across all Tucows wholesale brands, Enom included.

    Moving forward, it will be business as usual for all brands, Ascio included, as Tucows works to leverage the strengths of all brands to improve the business as a whole. Tucows has always been reseller-focused —  it’s in our DNA — and this acquisition, much like that of Enom itself in 2017, is a testament to Tucows’ continued commitment to, and investment in, its wholesale domains business.

    Read More

  • Enom’s Tiered Access Directory (gated Whois)

    June 19, 2018

    Announcement, Featured, GDPR, Industry Insight

     Like

    Views: 4535

    keys on surface.

    Over the past few months, we’ve talked quite a bit about the concept of our Tiered Access registration directory, also referred to by its informal title, “gated Whois”. This has sparked many questions from our reseller partners and other interested parties who are curious about how the system works, who may have access, and what the accreditation process looks like. Today, we’ll address these topics and discuss why we believe a gated Whois system is the best solution for our platform, our resellers, and our registrants.

    Why are we implementing a gated Whois?

    As we’ve written before, in updating our platform to achieve GDPR compliance, we used data privacy laws as our starting point. We worked from the ground up to design processes that we believe comply with those laws and their underlying principles, and adhere to our contractual requirements with ICANN and other TLD registries to the fullest extent possible. The changes we made, including the decision to remove contact data from the public Whois, are necessary to protect ourselves and our reseller partners from the possible legal repercussions of improperly processing or exposing personal data. Furthermore, we believe this change to the public Whois makes sense — data protection should be extended to all domain owners, and we don’t see any legal basis or justifiable need to publicly display unredacted contact data.

    That said, we acknowledge that, in many cases, third parties may have a real, justifiable need to access a registrant’s personal data, and these legitimate interests are also provided for within the GDPR’s definition of “lawful processing”. By restricting the general public’s access to personal data and introducing our Tiered Access registration data directory, we are complying with the GDPR and extending its protections to all registrants on our platform while ensuring that those with a legitimate legal basis have access to the data they need in order to protect the public and exercise their own rights.

    Who will have access and how will they be accredited?

    Through a rigorous authentication process, Tucows will ensure that only those with a legitimate interest are given access to the gated Whois system and that this access is restricted to only those data elements that the user needs. Parties with a “legitimate interest” may include law enforcement agents, members of the security community, and commercial litigators.

    At present, we are actively responding to requests for accreditation from members of those communities. In the near future, interested parties will be able to click an application link on tieredaccess.com to submit an email with the required application information. This will include the requestor’s first and last name, organization, and email address, which specific domains they want to access, and the requested duration of access. They will also be asked to provide any other pertinent details such as the legal basis for the request.

    What data will be displayed in the Tiered Access Directory?

    There are three factors, that in combination, determine what contact data will be visible to an accredited Tiered Access user by default: the user’s permission access level, the registrant’s data use consent settings, and whether the domain is privacy-protected.

    Permission Access Levels for Accredited Users

    In designing our gated Whois system, we started from the principle of data minimization and determined that a Tiered Access directory was the best way to protect the privacy of our customers while providing parties with legitimate interest access to relevant registrant data. At a high level there are three permission access tiers, and within each we can further restrict permissions by many different factors.

    Through conversations with stakeholders, we determined three major categories of requestors: law enforcement, commercial litigation interests, and security researchers. We then examined the various personal data points we collect and identified those which are most pertinent to the above-mentioned parties. We have done our best to balance individual privacy and the rights of registrants with the rights of law enforcement and the people they protect, the rights of commercial litigators and their clients, and the need for a safe and secure Internet.

    Tier One – Law Enforcement Authorities

    Users within this tier must be a member of a law enforcement authority with jurisdiction over Tucows or one of its companies, and are provided access to the widest range of registrant data available through our Tiered Access system. Our aim is to supply these parties with data elements that may be relevant to a legal investigation while still respecting the registrant’s privacy and consent choices.

    Please Note: For the small subset of ccTLDs whose registries contractually require the admin and tech contact info, a portion of those datasets may be included in tier-one results.

    Tier Two – Commercial Litigators

    Access for users within this tier will be limited to those elements deemed necessary to exercise their clients’ rights to pursue legal action against the owner of a domain registered on our platform.

    Tier Three – Security Community Members

    Users belonging to this tier provide a valuable public service by examining trends in online criminal activity, helping to make the Internet safer for everyone. They may only view a limited set of information because, while they inarguably play an important role in online security, they have no official jurisdiction or legal authority.

    Data Use Consent Settings and Whois Privacy Status

    For domains without Whois Privacy protection, the Tiered Access system (gated Whois) can display the following data:

    • Data that we require by contract: registrant name, country, email, and organization (if applicable)
    • Data that the registry requires by contract
    • Data which we have consent from the registrant to process

    This means that, in instances where the registry does not contractually require any data elements and we do not have consent to process any additional elements, only the minimum data that we require contractually will be shown.

    Tip: Through a quick search on our Data Use Information Page, you can determine which data are processed as per the registry’s contract and which are processed by consent.

    For domains with Whois Privacy protection, the Tiered Access system will only display the Whois Privacy contact data, just as it appears for privacy-protected domains in the public Whois. It’s also important to note that the process to reveal the underlying ownership information has not changed with the introduction of a gated Whois; we would still require the tiered-access-accredited party to provide a court order, subpoena, or similar legal justification before our Compliance team would provide the underlying contact data. In short, all the benefits of Whois Privacy carry over into our gated Whois system.

    Further Customizing User Access

    As we outlined above, the actual data elements visible by default to any accredited user of the Tiered Access system depend not only on the data use consent settings and privacy status of the domain, but also on the accredited user’s permission access level. On top of these controlling factors, we can also place additional custom restrictions on a user’s account.

    Our Tiered Access system uses the Registration Data Access Protocol (RDAP), developed by the Internet Engineering Task Force as an eventual replacement for the current WHOIS protocol. One of the essential benefits of using RDAP is that it allows us to define user access options at a very granular level. We can, for example, restrict the number of domains a user can query per day, the data fields returned by each query, which specific domains can be queried, and which data elements are returned in the response. We can also set the specific duration for which a user’s account remains active.

    This means that some users may have access to the full set of registrant data we hold, restricted only based on the registrant’s data use consent settings and the Whois Privacy status of the domain. For other users, it may be that only the registrant’s email address, only the registrant’s name and country, or, perhaps, only contract-based data, will be shared.

    What’s important to take away is this: our high-level tiers are a starting point; we have the flexibility to customize as needed and make adjustments as we find the best way to balance the rights of multiple parties.

    How will the Tiered Access system be accessed?

    The sign-in portal is available at tieredaccess.com. This page also includes an explanation of the Tiered Access registration directory and some information about who may be accredited. Over the next few phases, we’ll add an option to apply for access, a link to the applicable Terms and Conditions, and a public Whois lookup option, allowing the page to function as a Whois directory for both the public and gated versions of the service.

    Will resellers have access to the Tiered Access system?

    We have no plans to provide our reseller partners access to the gated Whois, but, if you’re one of our resellers, this shouldn’t be cause for concern — the data that appear in Tiered Access for any domains in your account are accessible to you through the Domains tab of the Control Panel or the GetContacts API command. Also, keep in mind that with the new domain transfer process, the gaining registrar no longer has to send the initial Form of Authorization to the registrant email address, which has historically been retrieved from the contact details in the public Whois.

    Finding a Balance

    Much of the debate over the concept of a gated Whois system has focused around finding a balance between protecting individual privacy and ensuring that those using domains to perpetrate malicious activities can be held accountable. A recent Techdirt article described the debate’s central question as, “which is more important for society: protecting millions of people from spammers, scammers and copyright trolls by limiting the publicly-available Whois data, or making it easier for security researchers to track down online criminals by using that same Whois information?” As a registrar, our central concerns are compliance with law and protecting the data we process. However, we also believe that, as far privacy laws permit, those who play an essential role in keeping the Internet safe should have access to the data they require in order to do so. Our Tiered Access system is a solution that accomplishes both objectives.

    Read More

1 2 … 6 Next »

FEATURED POSTS

  • Our Ongoing Commitment to Combatting DNS Abuse

    October 18, 2019

  • We’ve refreshed our Webmail

    June 19, 2019

  • Colleagues review ICANN's temporary specification requirements.

    What Domain Resellers Should Know About ICANN’s Temporary Specification

    September 18, 2018

  • keys on surface.

    Enom’s Tiered Access Directory (gated Whois)

    June 19, 2018

CATEGORIES

  • Advice
  • Announcement
  • Developers
  • DNS
  • Featured
  • Fun
  • GDPR
  • Industry Insight
  • New TLDs
  • News
  • Premium Domains
  • Promotion
  • Resellers
  • Roadmap
  • SSL
  • Uncategorized
  • WTB

ARCHIVES

  • November 2019
  • October 2019
  • July 2019
  • June 2019
  • May 2019
  • April 2019
  • March 2019
  • February 2019
  • January 2019
  • December 2018
  • November 2018
  • September 2018
  • August 2018
  • June 2018
  • May 2018
  • April 2018
  • March 2018
  • February 2018
  • January 2018
  • December 2017
  • November 2017
  • October 2017
  • September 2017
  • August 2017
  • July 2017
  • June 2017
  • May 2017
  • April 2017
  • March 2017
  • February 2017
  • January 2017
  • December 2016
  • November 2016
  • October 2016
  • September 2016
  • August 2016
  • July 2016
  • June 2016
  • May 2016
  • April 2016
  • March 2016
  • January 2016
  • December 2015
  • November 2013
Support
Report Abuse
Help Center
Contact Us

 Resources
WHOIS Lookup
Maintenance Alerts
Developers
Products & Services
Domain Name Search
Premium Domains
Web Hosting
SSL Certificates
Website Builder
Basic Email
Bulk Tools

© 2019 Enom Blog |