Donuts Inc.’s major play for new Web domain names raises fears of fraud
By Craig Timberg and James Ball,
But the single most aggressive bidder for lucrative new Web domains is a little-known investment group with an intriguing name: Donuts Inc. Its $57 million play for 307 new domains — more than Google, Amazon and Allstate combined — has prompted alarm among industry groups and Internet watchdogs.
They warn that Donuts has close ties to a company with a well-documented history of providing services to spammers and other perpetrators of Internet abuses. Should Donuts come to control hundreds of new domains, including “.doctor,” “.financial” and “.school,” consumers could see a spike in online misbehavior, these critics warn.
“If the allegations concerning Donuts turn out to be true, these 300 top-level domains could be the Wild West for fraud and abuse,” said David E. Weslow, a D.C.-based lawyer who represents several major corporations.
Law enforcement authorities in several nations have warned for years that rapid expansion of new domains could unleash a fresh wave of online crimes while making it harder to identify the culprits. The number of what are called “top-level domains” is set to expand from the current 22, including “.com” and “.org,” to potentially more than 1,400 next year.
Dismissing the concerns raised by industry groups, Donuts officials say they are well qualified to run the new domains responsibly.
“We and our very smart investors would not have spent almost $57 million if we had any concerns that we were not eligible,” said Jonathon Nevett, a Rockville-based lawyer who is one of four co-founders of Donuts.
Federal officials declined to comment on particular applicants, but they have repeatedly urged more rigorous background checks and a more gradual expansion of Internet domains. They worry that a solicitation for medical products from a Web site ending with “.health,” for example, might convey an air of authenticity no matter who the actual sender.
“I equate it with an apartment building, and the landlord lets drug dealers and rapists move in,” said FBI Supervisory Special Agent Bobby Flaim, who has tracked plans to create new Web domains for several years. “They’re paying the rent, so where’s the problem?”
Yet the power of U.S. officials, or that of any government, is limited.
Overseeing the issuing of Web addresses is a Los Angeles-based nonprofit group — the Internet Corporation for Assigned Names and Numbers, or ICANN — whose sharply growing revenue is tied to the continued expansion of domains. Its revenue grew from $5.7 million in 2002 to $68 million last year, according to federal tax documents.
ICANN officials say that safeguards will prevent companies with a history of abuse from gaining control of new domains and that consumers will benefit from the greater range of choices in Web addresses. But they acknowledged uncertainty about whether such rules would block the applications by Donuts.
The complaints about Donuts stem from its relationship with Demand Media, a major player in Internet services that pioneered the creation of content linked to popular search terms, leading to a proliferation of Web pages on almost any imaginable subject (sometimes disparaged as “content farms”). Demand Media also owns eNom, the second-largest Internet registrar , selling more Web addresses than any company other than Go Daddy.
Industry watchdogs have long criticized Demand Media as a leading provider of services to spammers and a host to sites that commit “cybersquatting.” The term refers to Web sites that seek to fool consumers who type in the wrong Internet address for a company into their browsers; instead of the intended site, they can end up on one that looks similar but that can be a gateway to fraud.
Garth Bruen of the industry watchdog group KnujOn said Demand Media has not replied to any of the many spam complaints he has submitted to the company.
“They are looking the other way,” he said. “I’ve sent them tons of information. They never respond. They have this one address, email@example.com, and you never get a person.”
Kristen Moore, a Demand Media spokeswoman, said the company works with several groups to monitor spam but does not have records of complaints from KnujOn. “Combatting rogue and illegal operators on the Internet is a challenge that we take very seriously,” Moore said in an e-mail.
Two of Demand Media’s top executives, Paul Stahura and Richard Tindal, left the company in 2009. In 2010, they co-founded Donuts to compete for the new top-level domains being created by ICANN, raising more than $100 million for the effort, according to the company.
Stahura and Tindal were joined by Nevett, who was chairman of the board for an eNom joint venture. Also joining Donuts, as chief financial officer, was Kevin Wilson, the former CFO for ICANN.
Few had heard of Donuts, based in Bellevue, Wash., before ICANN announced in June that the company had made 307 bids for new domains. For nearly half of those — including “.attorney,” “.mortgage” and “.medical” — Donuts was the sole applicant, putting it in position to emerge as the world’s biggest provider of new Web domains.
The connections to Demand Media also became clearer when that company announced that it had shared rights to 107 of the domains for which Donuts has applied. (Demand Media has separately applied for 26 top-level domains, including “.army,” “.gay” and “.republican.”) The two companies also have a deal for Demand Media to provide technical services to any of the new domains that Donuts wins.
In July, Boston-based lawyer Jeffrey M. Stoler sent a letter to ICANN recounting numerous allegations of past abuses by Demand Media and detailing links between it and Donuts.
The letter listed 39 cases in which Internet industry arbitration panels had ruled that Demand Media was responsible for cybersquatting or similar abuses. In 24 of those cases, the panels found “bad faith,” meaning Demand Media knowingly participated in the cybersquatting. Among those accusing the company of abuse were American Airlines, the Royal Bank of Scotland and the Texas Lottery Commission.
Stoler, who declined to name a client in the letter or in a subsequent interview, has argued that both companies should be treated as a single entity for purposes of determining their worthiness for managing domains.
“It would make a mockery of ICANN rules,” he wrote, “if Demand Media Group and its executives could absolve themselves of their record of adverse [panel] decisions merely by forming a new entity.”
Officials with Donuts and Demand Media call criticisms of their applications unfair. Of Stoler’s letter, they say his unwillingness to name a client undermines its credibility.
“It’s full of misinformation, and there’s many false allegations,” said Dave Panos, Demand Media’s executive vice president for emerging markets. “There’s many players out there who have an ax to grind.”
Demand Media and Donuts officials say their companies are separate and should be judged individually. Both portray themselves as well suited to operating the new domains because of the experience their officers have in running domain registrars.
Stahura, the Donuts chief executive, said in a statement, “The fact is that Donuts and Demand Media are entirely separate organizations.”
Their critics still have concerns. Major companies have expressed particular worry that they could be forced to spend tens of millions of dollars to protect their brands from cybersquatting and other abuses.
“We’re all watching and holding our breath,” said Daniel L. Jaffe, an executive vice president for the Association of National Advertisers. “All we can say is there’s a lot at stake here.”
The allegations do not concern Demand Media creating or disseminating spam; instead they focus on the company’s supposed reluctance to shut down malicious sites — even when the abuses are brought to the company’s attention.
Among the most common scams are those run by rogue online pharmacies that profit by selling counterfeit drugs and other medical products to consumers looking for discounts, or for medicine without the hassle of getting a prescription. They often get fake drugs instead. Federal officials say that illnesses and deaths have resulted from such purchases.
The Federal Trade Commission issued a letter in December calling on ICANN to slow the creation of new domains, suggesting that a pilot program would be a safer way to test whether existing protections are capable of heading off more crime.
“Some domains, such as those relating to financial services and those aimed at children, could be particularly susceptible to abuse,” FTC Commissioner Julie Brill said this month. “Others, such as those referring to professionals like lawyers and doctors, could mislead consumers into thinking that they are dealing with appropriately licensed individuals.”
ICANN officials counter that they have systems in place to block potential abuses. Kurt Pritz, chief of strategy at ICANN, said the new top-level domains will be safer than the old ones because of the checks into the backgrounds of applicants, now being conducted by PricewaterhouseCoopers.
The outcomes of those background checks remain uncertain.
“There will be judgment involved,” Pritz said.
Julie Tate contributed to this report.