Latest news of the domain name industry

Recent Posts

Introducing… the DI Leaders Roundtable

Kevin Murphy, October 7, 2019, Leaders Roundtable

Today, I’m introducing what I hope to be the first of several regular features, the DI Leaders Roundtable.

Every week or two, I’ll be putting a single question to a collection of domain industry and ICANN community leaders and compiling their responses in order to gain some insight into current thoughts on hot topics or broader industry trends from some of the space’s top thinkers.

I’ve tried to reflect a broad cross-section of the industry, with a mix of business, policy and technical expertise from registries, registrars, back-ends, new gTLDs, legacy gTLDs, investors, etc.

The initial line-up for the panel, which will likely evolve as time goes by, is, in alphabetical order.

Ben Crawford, CEO, CentralNic

MugshotCrawford is CEO of CentralNic, a triple-play domain company based in London and listed on the Alternative Investment Market. Initially a vendor of pseudo-gTLDs such as uk.com and gb.com, CentralNic has over the course of the last seven years evolved into a company that sells both its own self-managed TLDs, such as .sk, as well as acting as a back-end for the likes of .xyz, .site and .online. Describing itself as a consolidator, the company nowadays makes most of its money via the registrar side of the house as a result of a series of mergers and acquisitions, particularly the merger with KeyDrive last year.

Jothan Frakes, Executive Director, Domain Name Association

MugshotA long-time industry jack-of-all-trades, Frakes is currently executive director of the Domain Name Association, the prominent industry trade group. Frakes has acted in a number of roles at domain name companies, as well as co-founding the popular NamesCon conference back in 2014. His technical credentials can be exemplified by, among other activities, his participation in Mozilla’s Public Suffix List, while his policy nous could be vouched for by many who have worked with him during his 20 years of ICANN participation.

Richard Kirkendall, CEO, NameCheap

MugshotKirkendall founded leading budget registrar NameCheap in 2000 and has occupied the office of CEO ever since. A long-time Enom reseller, NameCheap’s popularity was for many years shrouded in mystery. It finally transferred the last of its Enom names over to its own accreditation in January 2018, revealing it to have 7.5 million gTLD names under management. It added a further two million over the next 18 months, and says it has over 10 million names in total. NameCheap is known for its low prices and for its occasional support for pro-freedom political causes such as the Electronic Frontier Foundation.

Milton Mueller, Professor, Georgia Tech

MugshotMueller is an academic and among the most prominent voices in ICANN’s Non-Commercial Stakeholder Group. Based at the School of Public Policy at the Georgia Institute of Technology, he founded the Internet Governance Project, an independent policy research outfit, in 2004. He’s the author of several books on the topic, and very active in ICANN policy development, including the current effort to balance privacy rights with commercial interests in the Whois system.

Jeff Neuman, Senior VP, Com Laude

MugshotNeuman is senior vice president of brand-protection registrar Com Laude and sister company Valideus, which provides new gTLD consultancy services to brand owners. From 2000 until 2015, he worked in senior policy and registry business roles at Neustar, helping to apply for and launch .biz in 2001. A noted ICANN policy expert, Neuman has sat on various ICANN working groups and currently co-chairs the New gTLD Subsequent Procedures Policy Development Process, which is developing the rules for the next round of new gTLDs.

Jon Nevett, CEO, Public Interest Registry

MugshotNevett is CEO of Public Interest Registry, which manages the 10-million-domain-strong legacy gTLD .org and a handful of new gTLDs. Prior to PIR, he was executive vice president of Donuts, and one of its four co-founders. He’s been in the domain business since 2004, when he joined Network Solutions as a senior VP on the policy side of the house. Nevett has also been involved in ICANN policy-making, including a stint as chair of the Registrars Constituency.

Michele Neylon, CEO, Blacknight

MugshotNeylon is CEO and co-founder of Blacknight Internet Solutions, a smaller registrar based in Ireland. Known for his “often outspoken” policy views, he’s a member of several ICANN working groups, sits on the GNSO Council representing registrars, and is a member of stakeholder group committees for various ccTLD registries including .eu, .ie and .us. Blacknight has almost 60,000 gTLD registrations to its name but also specializes in serving its local ccTLD market.

Dave Piscitello, Partner, Interisle Consulting Group

MugshotPiscitello is currently a partner at security consultancy Interisle Consulting Group, having retired from his role as vice president of security and ICT coordination at ICANN last year. With over 40 years in the security business, he’s also a board member of the Coalition Against Unsolicited Commercial Email (CAUCE) and the Anti-Phishing Working Group (APWG). Interisle is an occasional ICANN security contractor.

Sandeep Ramchamdani, CEO, Radix Registry

MugshotRamchandani is CEO of Mumbai-based new gTLD registry Radix, which currently has a portfolio of 10 gTLDs and one ccTLD. It’s known primarily for its low-cost, high-volume, pure-generic business model, which has seen its two best performers, .online and .site, rack up almost three million domains between them. Radix is a unit of Directi Group, which is where Ramchandani cut his teeth for almost a decade before taking the reins of Radix in 2012.

Frank Schilling, CEO, Uniregistry

MugshotSchilling started off as a domain investor at the second level, 19 years ago, eventually managing hundreds of thousands of secondary-market domains with his company Name Administration, before founding Uniregistry in order to invest in new gTLDs in 2012. As a registry, Uniregisty has about a quarter of a million names spread across its 22-TLD portfolio; as a registrar it has over 1.2 million domains under management. Schilling is widely considered one of the most successful domain investment pioneers.

Rick Schwartz, aka the “Domain King”

MugshotSchwartz is viewed by domain investors as one of the most successful domainers of all time, and is known for his forthright, blunt criticisms of both new gTLDs and poor domain investment strategies. He’s been buying and selling domain names since 1995, and has sold several category-killer .com domains for seven-figure sums. Schwartz also founded the T.R.A.F.F.I.C. domainer conference in 2004, and it ran for 10 years.

.blog registry handover did NOT go smoothly

Kevin Murphy, August 29, 2019, Domain Registries

The transition of .blog between registry back-end providers ended up taking six times longer than originally planned, due to “a series of unforeseen issues”.

Registry Knock Knock Whois There today told registrars that the move from Nominet to CentralNic took 18 hours to complete, far longer than the two to three hours anticipated.

An “unexpected database error” was blamed at one point for the delay, but KKWT said it is still conducting a post-mortem to figure out exactly what went wrong.

During the downtime, .blog registrations, renewals, transfers and general domain management at the registry level would not have been possible.

DNS resolution was not affected, so registrants of .blog domains would have been able to use their web sites and email as usual.

The migration, which covered roughly 200,000 domains, wrapped up at around 0800 UTC this morning. It seems engineers at the two back-end providers, both based in the UK, will have been working throughout the night to fix the issues.

KKWT reported the new CentralNIC EPP back-end functioning as expected but that several days of “post-migration clean-up” are to be expected.

Eighteen hours is more than the acceptable 14 hours of monthly downtime for EPP services under ICANN’s standard Registry Agreement, but below the 24 hours of weekly downtime at which emergency measures kick in.

CentralNic already handles very large TLDs, including .xyz, but I believe this is the largest incoming migration it’s handled to date.

KKWT is owned by Automattic, the same company as WordPress.com.

.icu joins the million-domains club in one year, but spam triples

Another new gTLD has joined the exclusive list of those to enter seven figures in terms of domains under management.

.icu, managed by ShortDot, topped one million names this week, according to COO Kevin Kopas.

It’s taken about a month for DUM to increase from 900,000 names, and if zone files are any guide half of that growth seems to have happened in the last week.

.icu domains currently sell for between $1 and $2 for the first year at the cheap end of the market, where most regs are concentrated, with renewals closer to the $10 mark.

The gTLD joins the likes of .club, .xyz, .site and .online to cross the seven-figure threshold.

When we reported on the 900,000-reg mark at the end of May, we noted that .icu had a SpamHaus “badness” rating of 6.4%, meaning that 6.4% of all the emails coming from .icu addresses that SpamHaus saw were classified as spam.

That score was roughly the same as .com, so therefore pretty respectable.

But in the meantime, .icu’s badness score has almost tripled, to 17.4%, while .com’s has stayed about the same.

Picking through the Google search results and Alexa list for .icu domains, it appears that high-quality legit web sites are few and far between.

Whether that’s a fixable symptom of .icu’s rapid growth — it’s only about 13 months post-launch — or a predictor of poor long-term potential remains to be seen.

XYZ weighs into Epik controversy with .monster fundraising domain

Kevin Murphy, March 21, 2019, Domain Registries

New gTLD registry XYZ.com has set up a domain to help raise money for victims of the terrorist attack in Christchurch, New Zealand last week.

The domain is give.monster. It redirects to a page on Givealittle.co.nz, a Kiwi crowdfunding site, that has so far raised almost NZD 7.8 million ($5.3 million) for the victims of the attack, which killed 50 and injured many more last Friday.

Given the amount of coverage in the New Zealand press, it appears that the fundraising page is legit.

The domain is obviously a reference to Epik.com CEO Rob Monster, who has come in for criticism this week for hosting and sharing the terrorist’s video of the attack, and then suggesting it might be a hoax, as I blogged earlier today.

XYZ is able to create this domain because it is the registry for .monster, a gTLD it acquired last year that is currently slap-bang in the middle of its early access launch period.

Whois records show that the domain was created a little over an hour ago and belongs to XYZ.com LLC.

I learned about it through this comment on DI:

We are sorry to see this in our industry… Please visit http://www.Give.Monster and donate to support victims of the horrific Christchurch shootings. Thank you for your support.

XYZ.com is the registry for .xyz, .college, .rent and other gTLDs. .monster previously belonged to recruitment web site Monster.com.

Phishing still on the decline, despite Whois privacy

Kevin Murphy, March 5, 2019, Domain Policy

The number of detected phishing attacks almost halved last year, despite the fact that new Whois privacy rules have made it cheaper for attackers to hide their identities.

There were 138,328 attacks in the fourth quarter of 2018, according to the Anti-Phishing Working Group, down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.

That’s a huge decline from the start of the year, which does not seem to have been slowed up by the introduction in May of the General Data Protection Regulation and ICANN’s Temp Spec, which together force the redaction of most personal data from public Whois records.

The findings could be used by privacy advocates to demonstrate that Whois redaction has not lead to an increase in cybercrime, as their opponents had predicted.

But the data may be slightly misleading.

APWG notes that it can only count the attacks it can find, and that phishers are becoming increasingly sophisticated in how they attempt to avoid detection. The group said in a press release:

There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site.

It also speculates that criminals once involved in phishing may have moved on to “more specialized and lucrative forms of e-crime”.

The Q4 report (pdf) also breaks down phishing attacks by TLD, though comparisons here are difficult because APWG doesn’t always release this data.

The group found .com to still have the most phishing domains — 2,098 of the 4,485 unique domains used in attacks, or about 47%. According to Verisign’s own data, .com only has 40% market share of total registered domains.

But new, 2012-round gTLDs had phishing levels below their market share — 4.95% of phishing on a 6.83% share. This is actually up compared to the 3% recorded by APWG in Q3 2017, the most recent available data I could find.

Only two of the top 20 most-abused TLDs were new gTLDs — .xyz and .online, which had just 70 attack domains between them. That’s good news for .xyz, which in its early days saw 10 times as much phishing abuse.

After .com, the most-abused TLD was .pw, the ccTLD for Palau run by Radix as an unrestricted pseudo-gTLD. It had 374 attack domains in Q4, APWG said.

Other ccTLDs with relatively high numbers included several African zones run as freebies by Freenom, as well as the United Kingdom’s .uk and Brazil’s .br.

Phishing is only one form of cybercrime, of course, and ICANN’s own data shows that when you take into account spam, new gTLDs are actually hugely over-represented.

According to ICANN’s inaugural Domain Abuse Activity Reporting report (pdf), which covers January, over half of cybercrime domains are in the new gTLDs.

That’s almost entirely due to spam. One in 10 of the threats ICANN analyzed were spam, as identified by the likes of SpamHaus and SURBL. DAAR does not include ccTLD data.

The takeaway here appears to be that spammers love new gTLDs, but phishers are far less keen.

ICANN did not break down which gTLDs were the biggest offenders, but it did say that 52% of threats found in new gTLDs were found in just 10 new gTLDs.

This reluctance to name and shame the worst offenders prompted one APWG director, former ICANN senior security technologist Dave Piscitello, to harshly criticize his former employer in a personal blog post last month.