Dries Buytaert

Drupal.eu hijacked using phantom registrars?

I pre-registered the drupal.eu domain name but unfortunately it was awarded to an earlier applicant. As the pre-registered .eu domain names were awarded on a first come, first served basis this sounds fair ... until you find out that the system might have been gamed.

The European Registry of Internet Domain Names (EURid) operates the .eu domain. However, you had to pre-register the domain name using one of the official domain name registrars. A domain name registrar is a company accredited by the EURid to sell .eu domain names. To setup an accredited registrar, you pay 10.000 EUR and sign an agreement with EURid.

To award the .eu domains to each of the domain name registrars, the EURid laid out a system to provide each domain name registrar an equal chance at getting domain names for their customers. Supposedly, the system EURid used was to repeatedly iterate over the list of domain name registrars, and on their turn, each domain name registrar got to make one request for a domain name on behalf of their customers.

Now, if you look at the domain name registrar that obtained the drupal.eu domain, and if you investigate the list of official .eu registrars, you'll see that there are (at least) 7 other domain name registrars that share the exact same postal address and phone number as the domain registrar that obtained drupal.eu.

Legitimate? I don't know. However, it is fair to believe that by creating multiple phantom registrars, a single person or company could increase the likelihood of obtaining more and better .eu domain names than other companies. If not, companies wouldn't have spend 80.000 EUR (or more) to setup phantom registrars ...

The EURid should have known better.

— Dries Buytaert

1 min read time