In the context of discussions about new gTLDs, we need to talk about the malicious practices of old gTLDs in order to avoid making the same set of mistakes with the new batch of TLDs. Let's consider the .travel TLD. After putting in place a bulk purchase program this registry went private. It then registered through namesbeyond.com 164,708 domains (normally going for $99 at retail) at an insider unit price of $4.09 and proceeded to monetize this namespace. Of course, there are acceptable forms of monetization, and then there are those forms which can only be described as cybersquatting. WIPO has recently ruled that "many of the domain names it has registered are well-known trademarks, thus evidencing a clear pattern of abusive domain name registration." -- see http://www.wipo.int/amc/en/domains/decisions/html/2008/d2008-1161.html So now we have a registry operator apparently engaged in cybersquatting. What has this experience taught us? 1. Neither registry operators nor their subsidiaries, affiliates, or other related shell corporations should be permitted to register domain names unless such registrations comport with narrowly drafted guidelines. 2. Registry ownership can change. You might think that you are approving an applicant's bona fides, yet the applicant's undisclosed intent is to immediately turn over the registry operation/management to another entity upon receipt of the delegation. You might think that you are approving an application on the part of a publicly-listed firm, only to see shenanigans start when the firm thereafter goes private. Changes in ownership should require some type of re-accreditation/re-certification or ICANN-approval process. 3. Cybersquatting on the part of registries and/or registrars should be punishable through a sanctions program. When contracted parties go off the deep end, the community needs to be protected.