Latest news of the domain name industry

Recent Posts

XYZ weighs into Epik controversy with .monster fundraising domain

Kevin Murphy, March 21, 2019, Domain Registries

New gTLD registry XYZ.com has set up a domain to help raise money for victims of the terrorist attack in Christchurch, New Zealand last week.

The domain is give.monster. It redirects to a page on Givealittle.co.nz, a Kiwi crowdfunding site, that has so far raised almost NZD 7.8 million ($5.3 million) for the victims of the attack, which killed 50 and injured many more last Friday.

Given the amount of coverage in the New Zealand press, it appears that the fundraising page is legit.

The domain is obviously a reference to Epik.com CEO Rob Monster, who has come in for criticism this week for hosting and sharing the terrorist’s video of the attack, and then suggesting it might be a hoax, as I blogged earlier today.

XYZ is able to create this domain because it is the registry for .monster, a gTLD it acquired last year that is currently slap-bang in the middle of its early access launch period.

Whois records show that the domain was created a little over an hour ago and belongs to XYZ.com LLC.

I learned about it through this comment on DI:

We are sorry to see this in our industry… Please visit http://www.Give.Monster and donate to support victims of the horrific Christchurch shootings. Thank you for your support.

XYZ.com is the registry for .xyz, .college, .rent and other gTLDs. .monster previously belonged to recruitment web site Monster.com.

Phishing still on the decline, despite Whois privacy

Kevin Murphy, March 5, 2019, Domain Policy

The number of detected phishing attacks almost halved last year, despite the fact that new Whois privacy rules have made it cheaper for attackers to hide their identities.

There were 138,328 attacks in the fourth quarter of 2018, according to the Anti-Phishing Working Group, down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.

That’s a huge decline from the start of the year, which does not seem to have been slowed up by the introduction in May of the General Data Protection Regulation and ICANN’s Temp Spec, which together force the redaction of most personal data from public Whois records.

The findings could be used by privacy advocates to demonstrate that Whois redaction has not lead to an increase in cybercrime, as their opponents had predicted.

But the data may be slightly misleading.

APWG notes that it can only count the attacks it can find, and that phishers are becoming increasingly sophisticated in how they attempt to avoid detection. The group said in a press release:

There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site.

It also speculates that criminals once involved in phishing may have moved on to “more specialized and lucrative forms of e-crime”.

The Q4 report (pdf) also breaks down phishing attacks by TLD, though comparisons here are difficult because APWG doesn’t always release this data.

The group found .com to still have the most phishing domains — 2,098 of the 4,485 unique domains used in attacks, or about 47%. According to Verisign’s own data, .com only has 40% market share of total registered domains.

But new, 2012-round gTLDs had phishing levels below their market share — 4.95% of phishing on a 6.83% share. This is actually up compared to the 3% recorded by APWG in Q3 2017, the most recent available data I could find.

Only two of the top 20 most-abused TLDs were new gTLDs — .xyz and .online, which had just 70 attack domains between them. That’s good news for .xyz, which in its early days saw 10 times as much phishing abuse.

After .com, the most-abused TLD was .pw, the ccTLD for Palau run by Radix as an unrestricted pseudo-gTLD. It had 374 attack domains in Q4, APWG said.

Other ccTLDs with relatively high numbers included several African zones run as freebies by Freenom, as well as the United Kingdom’s .uk and Brazil’s .br.

Phishing is only one form of cybercrime, of course, and ICANN’s own data shows that when you take into account spam, new gTLDs are actually hugely over-represented.

According to ICANN’s inaugural Domain Abuse Activity Reporting report (pdf), which covers January, over half of cybercrime domains are in the new gTLDs.

That’s almost entirely due to spam. One in 10 of the threats ICANN analyzed were spam, as identified by the likes of SpamHaus and SURBL. DAAR does not include ccTLD data.

The takeaway here appears to be that spammers love new gTLDs, but phishers are far less keen.

ICANN did not break down which gTLDs were the biggest offenders, but it did say that 52% of threats found in new gTLDs were found in just 10 new gTLDs.

This reluctance to name and shame the worst offenders prompted one APWG director, former ICANN senior security technologist Dave Piscitello, to harshly criticize his former employer in a personal blog post last month.

XYZ reveals .monster gTLD launch dates

Kevin Murphy, February 4, 2019, Domain Registries

XYZ.com has quietly unveiled its launch plan for its recently acquired gTLD, .monster.

General availability, with no eligibility requirements, is due to begin April 1.

The 30-day sunrise period is due to begin in just a couple of weeks — February 18.

.monster was acquired late last year from recruitment web site Monster.com, which had intended to operate it as a dot-brand, for an undisclosed sum.

Before the acquisition closed, Monster and ICANN amended the registry contract to cut the special dot-brand terms that would have removed the need for a sunrise period and would have prevented the domain being sold to regular registrants.

XYZ also intends to run a week-long Early Access Period — where premium prices apply — starting March 21.

I quite like the idea of .monster as an open gTLD.

While it’s certainly not going to perform as well volume-wise as .xyz, say, I can see it fitting nicely into the “quirky” niche occupied currently but the likes of Donuts’ .guru and .ninja — not really viable as standalone TLDs, but decent enough as part of a portfolio.

The company is pitching the TLD as “a domain for creative thinkers, masters of their craft, and modern-day renegades.”

Two controversial new gTLDs launching in January

Kevin Murphy, November 13, 2018, Domain Registries

Five years after the first batch of new gTLDs hit the market, registries continue to drip-feed them into the internet.

At least two more are due to launch on January 16 — .dev and .inc.

.dev is the latest of Google’s portfolio to be released, aimed at the software developer market.

It proved controversial briefly when it first was added to the DNS in 2014, causing headaches for some developers who were already using .dev domains on their private networks.

Four years is plenty of time for all of these collisions to have been cleaned up, however, so I can’t imagine many problems emerging when people start buying these names.

.dev starts a one-month sunrise January 16, sells at early access prices from February 19 to 28 before going to regular-price general availability.

Google has already launched one of its own products, web.dev, a testing tool for web developers, on a .dev domain.

Launching with a pretty much identical phased launch plan is .inc, from new market entrant Intercap Holdings, a Caymans-based subsidiary of a Toronto firm founded by .tv founder Jason Chapnik and managed by .xyz alumnus Shayan Rostam.

Intercap bought the .inc contract from Edmon Chong’s GTLD Limited earlier this year for an undisclosed sum. GTLD Ltd is believed to have paid in excess of $15 million for the TLD at auction.

.inc has proved controversial in the past, attracting criticism from states attorneys general in the US, which backed another bidder.

It may prove controversial in future, too. I have a hunch it’s going to attract more than its fair share of cybersquatters and will probably do quite well out of defensive registration fees.

Spammy .loan makes Alibaba fastest-growing and fastest-shrinking registrar in June

Kevin Murphy, October 5, 2018, Domain Registrars

Chinese registrar Alibaba was both the fastest-growing and fastest-shrinking registrar in June, purely due to its dalliance with hundreds of thousands of cheap .loan domain names.

Stats compiled by DI from the latest monthly registry reports show that Alibaba’s Singapore-based registrar — which has only been active for a year — grew its domains under management by 720,669 in June, almost four times as many as second-placed NameCheap.

The huge increase was due to Alibaba’s DUM in .loan doubling in June, going from from 621,851 to 1,274,532. Another 50,000 extra domains came from .win.

Both .loan and .win are run by registry GRS Domains, the company that replaced Famous Four Media as manager of the Domain Venture Partners gTLD portfolio.

According to SpamHaus, .loan has a “badness” of just shy of 90%, based on a sample size of 45,000 observed domains. SpamHaus has .win at almost 39% bad.

GRS has promised to turn its portfolio around and cut off its deep-discounting promotions effective August 20. The June figures reflect a time when discounts were still in place.

The Singapore Alibaba had DUM of 1,771,730 at the end of June.

At the bottom end of the June league table was a second Alibaba accrediation, Beijing-based Alibaba Cloud Computing (aka HiChina or net.cn), which had a net DUM loss of 266,411, after seeing 345,268 deletes in .loan (along with 45,000 deletes in .xyz and 35,000 in .xin).

The second biggest loser was AlpNames, which is owned by the same people as Famous Four, which deleted over 114,000 names in the month. The vast majority of these names were in FFM/GRS gTLDs, including .loan.

The main, earliest Alibaba accreditation, Alibaba Cloud Computing (Beijing), which has zero exposure to new gTLDs, grew by 69,794 domains to end June as the seventh fastest-growing registrar with DUM of 7,672,594.

As of a couple weeks ago, Alibaba has a fourth ICANN accreditation, Alibaba Cloud US LLC, but that obviously does not figure into the June numbers.

Here’s the top 10 registrars for June by DUM growth:

Registrar (IANA ID)DUMTransfers InTransfers OutNet TransfersAddsDeletesChange
Alibaba.com Singapore E-commerce Private Ltd (3775)1771730230017228339416345720669
NameCheap, Inc. (1068)862443322140891613224418008253219187827
GoDaddy.com, LLC (146)59208467703796893114481131439951837153910
NameSilo, LLC (1479)1670604144276041838613653932107111151
Xin Net Technology Corporation (120)262370941275041-91415315466679102744
Google LLC (895)231378010763169190721253194944079148
Alibaba Cloud Computing (Beijing) Co., Ltd. (420)76725941907811732734622080515525869794
Network Solutions, LLC (2)708437552854143003855412243811062853712
GMO Internet, Inc. d/b/a Onamae.com (49)47051283043209195214625917494644668
TLD Registrar Solutions Ltd. (1564)12186886858-77239315232535877

And the bottom 10:

Registrar (IANA ID)DUMTransfers InTransfers OutNet TransfersAddsDeletesChange
Alibaba Cloud Computing Ltd. d/b/a HiChina (www.net.cn) (1599)446845116192891330202094509820-266411
Alpnames Limited (1857)3613027165366314273114254-112825
Chengdu West Dimension Digital Technology Co., Ltd. (1556)2270000422719452282148101269286-94937
Bizcn.com, Inc. (471)9202431203336-3216603663268-69862
eNom, LLC (48)6824378915328741-1958875665101336-52205
Domain.com, LLC (886)197492715348827-72932361958695-37594
Todaynic.com, Inc. (697)13652775154-79138527795-26771
Register.com, Inc. (9)197625412953484-21891918737626-26231
Wild West Domains, LLC (440)300078434777346-38693101546045-18883
Ascio Technologies, Inc. Danmark - Filial af Ascio technologies, Inc. USA (106)157968313143803-24891183828246-16839

You may notice that in both tables the net change column is not equal to the sum of adds and net transfers minus deletes. This is because, per ICANN contract, domains still in their five-day Add Grace Period are counted in DUM but not in adds, so many adds slip over into the following month.