CentralNic’s revenue was up 110% in 2016, according to the company.
The registry today released its unaudited results for last year, showing EBITDA up 65% at £5.5 million ($6.7 million) on revenue of £22.1 million ($26.9 million)
The company, which has expanded into registrar services via acquisition in the last few years, said its recurring revenue — mainly domain registrations — now account for about 80% of revenue.
CentralNic has about a third of the new gTLD back-end market, primarily because it’s the provider for .xyz’s millions of cheapo registrations.
In its statement, it said it hopes to focus on growing more in China, where clients including .xyz were recently licensed.
It also intends to make more acquisitions, where the deals “meet clear strategic criteria including being earnings accretive in the short term with a strong recurring revenues base”.
Verisign has been given approval to start restricting who can and cannot register .com and .net domain names in various countries.
Customers of Chinese registrars are the first to be affected by the change to the registry’s back-end system, which was made last year.
ICANN last week gave Verisign a “free to deploy” notice for a new “Verification Code Extension” system that enables the company to stop domains registered via selected registrars from resolving unless the registrant’s identity has been verified and the name is not on China’s banned list.
It appears to be the system Verisign deployed in order to receive its Chinese government license to operate in China.
Under Verification Code Extension, Verisign uses ICANN records to identify which registrars are based in countries that have governmental restrictions. I believe China is currently the only affected country.
Those registrars are able to register domains normally, but Verisign will prevent the names from resolving (placing them in serverHold status and keeping them out of the zone file) unless the registration is accompanied by a verification code.
These codes are distributed to the affected registrars by at least two verification service providers. Verisign, in response to DI questions, declined to name them.
Under its “free to deploy” agreement with ICANN (pdf), Verisign is unable to offer verification services itself. It must use third parties.
The company added the functionality to its .com and .net registry as an option in February 2016, according to ICANN records. It seems to have been implemented last July.
A Verisign spokesperson said the company “has implemented” the system.
The Verification Code Extension — technically, it’s an extension to the EPP protocol pretty much all registries use — was outlined in a Registry Services Evaluation Process request (pdf) last May, and approved by ICANN not long after.
Verisign was approved to operate in China last August in the first wave of gTLD registries to obtain government licenses.
Under Chinese regulations, domain names registered in TLDs not approved by the government may not resolve. Registrars are obliged to verify the identities of their registrants and names containing certain sensitive terms are not permitted.
Other gTLDs, including .vip, .club, .xyz .site and .shop have been granted approval over the last few months.
Some have chosen to work with registration gateway providers in China to comply with the local rules.
Apart from XYZ.com and Verisign, no registry has sought ICANN approval for their particular implementation of Chinese law.
Because Chinese influence over ICANN is a politically sensitive issue right now, it should be pointed out that the Verification Code Extension is not something that ICANN came up with in response to Chinese demands.
Rather, it’s something Verisign came up with in response to Chinese market realities. ICANN has merely rubber-stamped a service requested by Verisign.
This, in other words, is a case of China flexing market muscle, not political muscle. Verisign, like many other gTLD registries, is over-exposed to the Chinese market.
It should also be pointed out for avoidance of doubt that the Chinese restrictions do not apply to customers of non-Chinese registrars.
However, it appears that Verisign now has a mechanism baked into its .com and .net registries that would make it much easier to implement .com restrictions that other governments might choose to put into their own legislation in future.
The .com domain is still the runaway leader TLD for phishing, with new gTLDs still being used for a tiny minority of attacks, according to new research.
.com domains accounted for 51% of all phishing in 2016, despite only having 48% of the domains in the “general population”, according to the 2017 Phishing Trends & Intelligence Report
from security outfit PhishLabs.
But new gTLDs accounted for just 2% of attacks, despite separate research showing they have about 8% of the market.
New gTLDs saw a 1,000% increase in attacks on 2015, the report states.
The statistics are based on PhishLabs’ analysis of nearly one million phishing sites discovered over the course of the year and include domains that have been compromised, rather than registered, by attackers.
The company said:
Although the .COM top-level domain (TLD) was associated with more than half of all phishing sites in 2016, new generic TLDs are becoming a more popular option for phishing because they are low cost and can be used to create convincing phishing domains.
There are a few reasons new gTLDs are gaining traction in the phishing ecosystem. For one, some new gTLDs are incredibly cheap to register and may be an inexpensive option for phishers who want to have more control over their infrastructure than they would with a compromised website. Secondly, phishers can use some of the newly developed gTLDs to create websites that appear to be more legitimate to potential victims.
Indeed, the cheapest new gTLDs are among the worst for phishing — .top, .xyz, .online, .club, .website, .link, .space, .site, .win and .support — according to the report.
But the numbers show that new gTLDs are significantly under-represented in phishing attacks.
According to separate research from CENTR, there were 309.4 million domains in existence at the end of 2016, of which about 25 million (8%) were new gTLDs.
Yet PhishLabs reports that new gTLD domains were used for only about 2% of attacks.
CENTR statistics have .com with a 40% share of the global domain market, with PhishLabs saying that .com is used in 51% of attacks.
The difference in the market share statistics between the two sets of research is likely due to the fact that CENTR excludes .tk from its numbers.
Again, because PhishLabs counts hacked sites — in fact it says the “vast majority” were hacked — we should probably exercise caution before attributing blame to registries.
But PhishLabs said in its report:
When we see a TLD that is over-represented among phishing sites compared to the general population, it may be an indication that it is more apt to being used by phishers to maliciously register domains for the purposes of hosting phishing content. Some TLDs that met these criteria in 2016 included .COM, .BR, .CL, .TK, .CF, .ML, and .VE.
By far the worst ccTLD for phishing was Brazil’s .br, with 6% of the total, according to the report.
Also notable were .uk, .ru, .au, .pl, and .in, each with about 2% of the total, PhishLabs said.
Top Level Design’s .ink has become the sixth new gTLD in the Latin alphabet to be approved for sale in China.
It was one of four new gTLDs given regulatory approval to begin operating properly in the country late last week. The others were all in Chinese script.
From Finnish-founded TLD Registry, .中文网 (“Chinese web site”) and .在线 (“Chinese online”) gained approval.
From local outfit Guangzhou Yuwei Information Technology Co, .集团 (“group”) and .我爱你 (“I love you”) were given the nod.
Under China’s Draconian domain name regulations, only domains registered via local registries and registrars may be used.
Registries from outside the country have had to set up a local corporate presence and agree to China’s censorship policies in order to be compliant.
There’s still about week to go until this year’s NamesCon conference kicks off in Las Vegas, but the live auction that will close the first day of the show has already seen pre-bidding action.
One batch of domains has already received a high bid of $1,010,000, but does not appear to have yet met its reserve.
The batch is led by bar.com, but also includes bar.net, cafes.com, grill.com, place.com, pub.com and shelter.com.
Another five domains on the list, all .com names, have attracted bids in six figures, topped by the $800,000 bid for ol.com.
The list of names up for pre-bid on NameJet (100 of which will hit the live auction) is dominated by Verisign TLDs — .com, obviously, and to a lesser extent .net and .tv.
The biggest pre-bid for a 2012-round gTLD is the $1,010 currently offered for gold.club, roughly 110th on the list as ordered by current bid.
The most active new gTLD auction is currently shoes.xyz, which has 28 bidders but a top bid of just $330.
I’m not sure how much can be inferred from pre-bids, but it certainly seems that most of the money from domain investors is still being put into short, one or two-word .com domains.
The auction will begin at 1500 US Pacific Time next Monday, January 23.
The auction is being managed and promoted by Right Of The Dot and NameJet. Would-be buyers need a NameJet account to participate.
Names not sold during the live event will go to an extended auction until February 9. ROTD’s Monte Cahn said this is in order to give Chinese bidders time to bid after Chinese New Year (January 28 this year).