Latest news of the domain name industry

Recent Posts

$11 billion dot-brand blames coronavirus as it self-euthanizes

Another new gTLD you’ve never heard of and don’t care about has asked ICANN to terminate its registry contract, but it has a rather peculiar reason for doing so.

The registry is Shriram Capital, the financial services arm of a very rich Indian conglomerate, and the gTLD is .shriram.

In its termination notice, Shriram said: “Due to unprecedented Covid-19 effect on the business, we have no other option but to terminate the registry agreement with effect from 3lst March 2020.”

Weird because the letter was sent in May, and weird because Shriram Group reportedly had revenue of $11 billion in 2017. The carrying cost of a dot-brand isn’t that much.

Registries don’t actually need an excuse to terminate their contracts, so the spin from Shriram is a bit of a mystery.

Shriram had actually been using .shriram, with a handful of domains either redirecting to .com sites or actually hosting sites of their own.

It’s the 79th dot-brand to self-terminate. ICANN expects to lose 62 in the fiscal year that started three weeks ago.

Watch three members of the ICANN community get assassinated

Kevin Murphy, June 22, 2020, Gossip

Three members of the ICANN community got killed by an assassin in a 2012 movie, now available on Amazon Prime, I inexplicably had never heard about until today.

The film’s called Rogue Hunter, and it’s produced and directed by prominent community member Jonathan Zuck, who’s been involved in ICANN representing intellectual property interests for the last 15 years.

It’s about… 55 minutes long.

It’s about… I dunno. A foxy female assassin or something? Maybe. The audio during the exposition scenes was pretty ropey. My feeling was that it’s drawing a lot from The Bourne Identity.

Zuck himself, alongside Steve DelBianco and Andrew Mack, both former chairs of the ICANN Business Constituency, all have cameos in which they get killed.

Here’s the trailer for the film, featuring DelBianco getting offed near the Taj Mahal (presumably shortly after the 2008 ICANN 31 meeting in New Delhi).

But is it any good?

No. The movie is fucking terrible.

But it’s firmly in the “So Bad It’s Good” zone.

And I laughed my balls off.

It’s not quite a classic of the genre — it’s no The Room — because it seems pretty clear that Zuck and his colleagues knew they were making a terrible film. There’s deliberate humor in the script and the direction.

The film was released in 2012, and somehow got on to Amazon Prime two years ago, where it has one one-star review:

Poor camera work, poor lighting, poor story line, poor acting just really all round dreadful.

I don’t think that reviewer really “got” what the makers were going for. Maybe, if you choose to watch the movie and review it, you could help redress the balance.

I should point out that there’s a bit of nudity and a somewhat explicit sex scene in the film, so you probably shouldn’t watch it with your boss or your kids watching over your shoulder.

GoDaddy, PorkBun and Endurance win domain “blocking” court fight

Kevin Murphy, June 17, 2020, Domain Policy

Three large registrar groups last week emerged mostly victorious from a court battle in which a $5.4 billion-a-year consumer goods giant sought to get domains being used in huge scam operations permanently blocked.

Hindustan Unilever, known as HUL, named Endurance, GoDaddy and PorkBun in a lawsuit against unknown scammers who were using cybersquatted domains to rip off Indians who thought they were signing up to become official distributors.

The .in ccTLD registry, NIXI, was also named in the suit. All of the domains in question were .in names.

Among other things, HUL wanted the registrars to “suspend and ensure the continued suspension of and block access to” the fraudulent domains in question, but the judge had a problem with this.

He’d had the domain name lifecycle explained to him and he decided in a June 12 order (pdf) that it was not technically possible for a registrar to permanently suspend a domain, taking into account that the registration will one day expire.

He also defined “block access to” rather narrowly to mean the way ISPs block access to sites at the network level, once again letting the registrar off the hook.

Judge GS Patel of the Bombay High Court wrote:

Any domain name Registrar can always suspend a domain that is registered. But the entire process of registration itself is entirely automated and machine-driven. No domain name registrar can put any domain names on a black list or a block list.

Where he seems to have messed up is by ignoring the role of the registry, where it’s perfectly possible for a domain name to be permanently blocked.

NIXI may not have its hands directly on the technology, but .in’s EPP registry is run by back-end Neustar (now owned by GoDaddy but not directly named in the suit), which like all gTLD registries already has many thousands of names permanently reserved under ICANN’s direction.

Patel also seems to assume that NIXI doesn’t get paid for the domain names its registrar sells. He wrote:

The relief against Defendants Nos. 14 and 15, the dot-IN registry and NIEI [NIXI] at least to the extent of asking that they be ordered to de-register or block access is misdirected. Neither of these is a registrar. Neither of these receives registration consideration. Neither of these registers any domain name. The reliefs against them cannot therefore be granted.

NIXI actually charges INR 350 ($4.60) per second-level .in name per year, of which a reported $0.70 goes to Neustar.

The judge also ruled that the registrars have to hand over contact information for each of the cybersquatters.

He also ordered several banks, apparently used by the scammers, to hand over information in the hope of bringing the culprits to justice.

Should Epik be banned from NamesCon as racism debate spills over into domain industry?

Should GoDaddy-owned domain conference NamesCon ban the controversial registrar Epik from its conferences, after a day in which the domaining fraternity descended into a race row?

The fight kicked off last night when Epik director and noted domain investor Braden Pollock announced he was quitting the board over ideological differences with CEO Rob Monster.

Pollock did not explain his exact reasons for quitting, but the assumption among domainers on Twitter and elsewhere, perhaps due to heightened race awareness during the ongoing Black Lives Matter protests, was that it was race-related.

Pollock’s wife is the civil rights attorney Lisa Bloom, who is currently representing victims of police violence during the BLM protests.

Monster is a conspiracy theorist and Bible-bashing Christian who has been accused over the years of racism, antisemitism, and worse.

Even if Monster is not a racist (and plenty of his associates, even his critics, believe he is not), Epik is certainly friendly to racist registrants.

It caused controversy in March last year by publicly offering to host gab.com, the Twitter clone most often used by right-wing refugees escaping Twitter’s ban hammer.

It also took the domain business of 8chan, a forum site frequented by racists, though it refused to actually host the site.

The registrar is also very popular with domainers, due to its low price and domainer-friendly services.

Before long, Pollock’s tweet had spawned a thread of domainers expressing support for either Pollock or Monster, as well as casually throwing accusations of racism at each other.

Pretty much the same thing was going on over on NamePros and Facebook.

Epik all but confirmed that race was at the center of the disagreement by tweeting out the names of a couple dozen employees, whom I can only assume are not white, with the hashtag #diversity.

Monster himself posted a short video in which he appeared to denounce racism.

Later today, Epik posted a screenshot of a Facebook comment by NamesCon CEO Soeren von Varchmin, in which he suggested Epik had been banned from the conference, which the company has previously sponsored.

The tweet tagged both GoDaddy and the US Federal Trade Commission.

While the von Varchmin comment is genuine, I’m told that he was speaking in a personal capacity and it’s not current GoDaddy policy to ban Epik.

But should it?

World’s youngest country launches its Nazi-risk TLD next week

South Sudan is gearing up to launch its controversial top-level domain, .ss, on Monday.

It’s being run by the National Communication Authority for the country, which was founded in 2011 after its split from Sudan and is the world’s youngest nation.

As I noted back then, while SS was the natural and obvious choice of ISO country code, it’s potentially controversial due to the risk of it being used by modern-day Nazis in honor of Hitler’s Schutzstaffel.

Arguably, the risk nine years later is even greater due to the rise of the populist, nationalist right around the world.

So some readers may be pleased to hear that the registry is playing its launch by the book, starting with a sunrise period from June 1 to July 15. Trademark owners will have to show proof of ownership.

I’m sure Hugo Boss already has an intern with a checkbook, trademark certificate and sleeping bag outside the registry’s HQ, to be sure to be first in line on Monday.

Sunrise will be followed by a landrush period from July 17 to August 17, during which names can be acquired for a premium fee.

Immediately after that there’ll be an early access period, from August 19 to August 29, with more premium fees. General availability will begin September 1.

Perhaps surprisingly, given the direction other ccTLDs have been taking over the last decade, South Sudan has opted for a three-level structure, with registrations possible under .com.ss, .net.ss, .biz.ss, .org.ss, .gov.ss, .edu.ss, .sch.ss and .me.ss.

The com/net/biz/me versions are open to all. The others require some proof that the registrant belongs to the specific category.

The registry says it plans to make direct second-level regs available “at a later date”.

Getting your hands on a .ss domain may prove difficult.

Trademark owners won’t be able to use their regular corporate registrar (at least not directly) as NCA is only currently accredited South Sudan-based registrars. So far, only two have been accredited. Neither are also ICANN-accredited.

One is rather unfortunately called JuHub. It’s apparently using a free domain from Freenom’s .ml (Mali) and is listed as having its email at Gmail, which may not inspire confidence. Its web site does not resolve for me.

The other is NamesForUs, which is already taking pre-registration requests. No pricing is available.

The registry’s web site has also been down for most of today, and appears to have been hacked by a CBD splogger at some point, neither of which bodes well.

“Dangerous precedent” as ICANN rejects $1.13 billion .org buyout

In a decision that will shock many, ICANN won’t let Ethos Capital buy Public Interest Registry from the Internet Society.

Its board of directors yesterday voted to reject PIR’s request for a change of control of the .org contract, saying that “the public interest is better served in withholding consent”.

Ethos responded angrily almost immediately, saying the decision “sets a dangerous precedent with broad industry implications” and that it is “evaluating its options”.

The ICANN resolution, which was published overnight, is justified by setting out the case that .org is a unique case: a large legacy gTLD with a mandate to serve non-profit entities.

The Board was presented with a unique and complex situation – a request to approve a fundamental change of control over one of the longest-standing and largest registries, that also includes a change in corporate form from a viable not-for-profit entity to a for-profit entity with a US$360 million debt obligation, and with new and untested community engagement mechanisms relying largely upon ICANN contractual compliance enforcement to hold the new entity accountable to the .ORG community. ICANN is being asked to agree to contract with a wholly different form of entity; instead of contracting with the mission-based not-for-profit that has responsibly operated the .ORG registry for nearly 20 years, with the protections for its own community embedded in its mission and status as a not-for-profit entity. If ICANN were to consent, ICANN would have to trust that the new proposed for-profit entity that no longer has the embedded protections that come from not-for-profit status, which has fiduciary obligations to its new investors and is obligated to service and repay US$360 million in debt, would serve the same benefits to the .ORG community.

Essentially, ICANN is holding ISOC to the by-and-for non-profits commitment that it made when it inherited the registry from Verisign back in 2002. You may recall I went into some depth on the history of .org back in December.

While noting the broad criticism from various parties — which included domainers and non-profits — about the proposed acquisition, the resolution makes specific reference to the investigation by the office of the California attorney general, which had made vague threats of legal action against ICANN.

Some commentators, including Jonathan Zuck and Michele Neylon — are worried that the AG’s influence now means ICANN has a new boss, and that special interest groups in future need only lobby his office in order to override community-built consensus.

But ICANN did not single out one reason for its decision, saying withholding consent was “reasonable in light of the balancing of all of the circumstances”.

Ethos, while not calling out the AG directly, made the broader claim that ICANN has acted outside its mandate by succumbing to lobbying by outside parties.

Its statement, which I think contains hints at future legal action, reads in full:

Today’s decision by ICANN sets a dangerous precedent with broad industry implications. ICANN has overstepped its purview, which is limited to ensuring routine transfers of indirect control (such as the sale of PIR) do not impact the registry’s security, stability and reliability. Today’s action opens the door for ICANN to unilaterally reject future transfer requests based on agenda-driven pressure by outside parties. It allows ICANN to base its decisions on a subjective interpretation of what it deems to be relevant in these transactions, rather than following its own clear and specified legal directive.

This decision will suffocate innovation and deter future investment in the domain industry. ICANN has empowered itself to extend its authority into areas that fall well outside of its legal mandate in acting as a regulatory body. Today’s decision also creates an uncertain and unpredictable business environment, where the enforceability and value of the ICANN contract itself may be called into question now that the rules of transferring ownership are open to influence by outside interests. Ethos is evaluating its options at this time.

In the same statement, PIR called the decision “a failure to follow its bylaws, processes, and contracts” and ISOC said ICANN “has acted as a regulatory body it was never meant to be”.

While the decision could be chalked up as a win for domain investors and civil libertarians that had challenged the acquisition, it has implications that may not entirely please them.

Assuming the deal stays dead, PIR is no longer promising to only increase prices by 10% a year. It will be able to raise its registry fee arbitrarily, whenever it likes, subject to notice periods and the usual uniform pricing rules.

Domainers will have to hope there’s no sour grapes at ISOC, or they could be looking at big price hikes before long.

And for those interested in censorship, remember PIR is no longer committing to a Stewardship Council that would help protect free speech in .org domains.

The ICANN decision came in spite of a last-minute plea from former chair and ISOC co-founder Vint Cerf, who in a letter (pdf) described the deal as a “wedge issue” that could be leverage to force ICANN into an existential crisis, with outside interests such as the ITU pushing itself as a replacement.

ICANN also received eleventh-hour submissions from the German government (which was against the deal) and German trade group Eco (which was vague but appeared to be for the deal).

Now .org critics actually want to take over the registry, blocking billion-dollar sale

Kevin Murphy, January 8, 2020, Domain Registries

A group of ICANN alumni and non-profits want to block the $1.135 billion sale of .org manager Public Interest Registry and for ICANN to hand over the reins to a new not-for-profit entity.

The Cooperative Corporation of .ORG Registrants was reportedly formed in California this week, supported by a long list of opponents of the .org deal, which would see the Internet Society sell PIR to a new private equity company called Ethos Capital.

Currently not-for-profit .org would become commercial again, answerable to shareholders who want to see a return on their investment. PIR recently had its 10%-a-year price caps lifted by ICANN, enabling it to increase its annual registry fees by as much as it wants.

Founding directors of the new co-op reportedly include ICANN founding chair Esther Dyson and founding CEO Mike Roberts, neither of whom have been heavily involved in ICANN or the domain name industry for the better part of two decades.

According to Reuters, Also on the board are Wikimedia Foundation CEO Katherine Maher, Jeff Ubois of the MacArthur Foundation, and Bill Woodcock, executive director of Packet Clearing House, which provides .org, via back-end Afilias, with DNS resolution services.

Dyson told the New York Times: “If you’re owned by private equity, your incentive is to make a profit. Our incentive is to serve and protect nonprofits and the public.”

The new registry would not have a profit motive, and excess funds would be returned to the non-profit community.

While the new group has yet to make a formal, public proposal, the idea is reportedly to persuade ICANN to block the sale of PIR to Ethos — something nobody can seem to agree is even within its powers — and instead transfer stewardship to this new co-op.

It’s a crazily ambitious goal.

The group would be basically asking ICANN to cut off ISOC’s primary funding source. PIR currently gives tens of millions of dollars a year to its owner, and after the Ethos deal ISOC intends to live off the interest of its billion-dollar windfall.

If ICANN canceled the PIR contract and handed .org to a third party, ISOC would get nothing, potentially crippling it and subsidiaries such as the IETF.

I can’t imagine such a decision, on the outside chance ICANN actually went down this path, not resulting in litigation.

The Cooperative Corporation of .ORG Registrants is reportedly also being backed by other supporters of the #SaveDotOrg campaign (which now has over 20,000 supporters), including the free speech advocates at the Electronic Frontier Foundation and NTEN, a conference/community hub for non-profits.

This campaign last month managed to persuade a group of four Democrat members of Congress — Ron Wyden, Richard Blumenthal, Elizabeth Warren and Anna Eshoo — to express their concerns about the Ethos deal and ask ISOC/Ethos/PIR a series of pointed questions about its potential ramifications.

In its response this week (pdf), the leaders of the three entities avoided directly answering the bulleted questions, but did make some commitments that I believe are new.

Notably, they said that the registry would reincorporate as a Public Benefit LLC before the acquisition closes. This is a relatively new form of legal entity, which has been described like this:

A Public Benefit LLC is a for-profit entity; however, in operating a Public Benefit LLC, the LLC’s management can take into account social, economic and political considerations without violating its fiduciary duty to act in the best interests of the company.

In other words, PIR would be free to place the needs of .org’s non-profit registrants ahead of the needs of its own shareholders without opening itself up to legal action.

A “statement of public benefit” would be in its certificate of formation, and would include a commitment “to limit any potential increase in the price of a .ORG domain registration to no more than 10% per year on average”.

I’ve noted before that this is worded vaguely enough to give Ethos some flexibility to raise prices by over 10%, but the fact that it’s offering to bake a commitment on pricing into its corporate DNA may be seen as a step in the right direction by critics.

It’s also proposing a “Stewardship Council”, which would be “an independent and transparent body” tasked with providing policy guidance to PIR and overseeing a new “Community Investment Fund” that would be used for initiatives such as the annual .org awards program.

DI Leaders Roundtable #4 — Big predictions for 2020

Hindsight is 2020, right? Not this time!

We’re rolling up to the end of the year, so for the fourth DI Leaders Roundtable I thought I’d task my panel of industry experts with the wholly original and unpredictable question:

What do you think will be the major trends or developments in the domain name industry in 2020?

I’m wonderfully happy to report that the panel grasped the opportunity with both hands and delivered an absolute smorgasbord (selection of open sandwiches) of informed opinion about how they reckon 2020 will play out.

From potential changes to security practices to ongoing consolidation to increased government regulation to the death of new gTLDs to the growth of new gTLDs, 2020 is certainly going to be a fun year to report on.

In no particular order, this is what they said:

Rick Schwartz, domain investor

Mugshot2020 is going to be just a fabulous year.

It comes down to two words: re-branding and upgrading.

Businesses that have gotten domains that may have not been prime to begin with want prime domains now to help them grow and be taken more seriously.

Businesses, especially global businesses that made the mistake of using non-dotcom domains, have realized their mistake and want to upgrade to a dotcom domain because of their own self-interest. They don’t care what domainers think! They only care about what they think and their bottom line, and in that regard they only have one choice and they all know it.

It’s mandatory if they want to grow and become part of the largest franchise ever known to mankind. The dotcom franchise.

If you add up all the net worth of every company on earth using the dotcom brand, the number is unfathomable.

As we go into the seventh year of the new gTLD experiment, they are meaningless. They haven’t been adopted by almost anybody. Circulation is poor. So many registrations are questionable or penny-promotional. The majority are parked and not in use nor will they ever be. And 99.9% of the people on this planet could not name a single one of them! Not a one!

The poor roll-out, poor marketing, poor circulation, questionable tactics and rolling out hundreds of extensions at one time was a death wish. A demolition derby as I have described and look at the HUNDREDS that are truly dying on the vine. They are not viable!

The registries themselves wanted the same result as dotcom but they smothered their own product by holding back anything they deemed to have any value whatsoever. They wanted the same result as dotcom but they certainly didn’t use the same playbook. There was no such thing as premium domains with Network Solutions. That was what gave life to the aftermarket.

They changed the recipe and it is what it is. Instead of replacing dotcom domains they should have marketed them as an on-ramp to their main dotcom website. That was a fatal choice.

Country-code extensions with dual purposes have outperformed all the new gTLDs put together.

.org has legs. Even .net domains seem to be in better shape than any of the new extensions.

According to NTLDStats.com there are 400 extensions with less than 20,000 registrations. Not viable! Over 300 of them have less than 10,000 and more than 200 have less than 5,000 and most of those have 2,000 or less.

On the other hand, there have been a lot of gimmicks used by the top 10 to gain HOLLOW registrations. Those 10 control 63% of all new gTLD registrations. Leaving the other 37% to be divided by over 500 other extensions. It’s laughable.

And when it comes to aftermarket sales, 2019 was worse than 2018 and 2017. Wrong direction for something that is supposed to be “emerging.”

According to TheDomains.com reported sales, of new gTLD’s are in a nosedive for 2019 vs 2018 and 2017. And most were done by registries themselves and not individual domain investors. Wrong direction!

2017

1,007 Total Sales
$5.2m Dollar Volume
$5,118 Average Price
$500.3k High Price

2018

1,490 Total Sales
$5.7m Dollar Volume
$3,847 Average Price
$510k High Price

2019

865 Total Sales
$3.4m Dollar Volume
$3,940 Average Price
$335k High Price

To me, 2020 is a year of total clarity. The experiment is over.

Get on board or get run over.

Sandeep Ramchamdani, CEO, Radix Registry

Mugshot

Within the new domains space, we will see a clear separation between the top 10 most popular extensions, and everything else. Many new TLDs have been able to jump volumes by operating at ultra-low prices. As the reality of renewals hit next year, the top TLDs by DUMs will more closely represent the most popular strings overall. Registrars will naturally tend towards focusing on these strings at the cost of everything else.

We will continue to see the normalization of new strings, as its visibility driven by legitimate end-user usage, rises. Our hope is that more registries play an active role in driving adoption by highly visible end-users and accelerate this evolution.

Jeff Neuman, Senior VP, Com Laude

MugshotLooking into my domain name industry crystal ball for 2020, I can see the continuation of some of the same activities, the start of some new debates, and even more maturation of the industry. Here are my views on three of the policy issues likely to be center-stage in 2020 (in no particular order).

Transitioning to a new Steady State of New TLDs.

OK, so the next round of new gTLDs will not open in 2020. However, there will be some real progress made towards the next round. The Subsequent Procedures PDP will complete its policy work on its review of the 2012 round and deliver it to the Council, who in turn will approve (hopefully) the policy work and submit to the Board.

The ICANN Board will put out the report for public comment and we will see those that oppose any new more new TLDs come back out of the woodwork to file the same type of comments reminiscent of 2009/2010. They will claim that more TLDs are not needed, we should not be moving too fast (despite nearly a decade between rounds), and that we should not be adding new TLDs until we solve DNS Abuse, Name Collision, WHOIS/SSAD/GDPR/RDAP/UAM, (insert your own issue), etc.

Despite the likely negativity from some, the community will realize that there is value to additional new gTLDs and maintaining a competitive landscape. There is still value in innovation, encouraging consumer choice and competition. The community will rise above the negativity to realize that many of the issues we experience in the industry are in fact related to the artificial scarcity of TLDs and that we need to continue to push forward towards completing one of the original missions of ICANN.

Rights Protection Mechanisms move to Phase 2.

Admittedly most of the community has not been paying attention to the Rights Protection Mechanisms (RPMs) Policy Development Process PDP. Currently it is working on Phase 1: Reviewing the RPMs introduced for the 2012 Round of New gTLDs. This work includes looking at the Trademark Clearinghouse, Sunrise Processes, the URS and the Trademark Claims process.

2020 may likely see the beginning of its second phase, the first ever review of the Uniform Dispute Resolution Policy (UDRP).

The UDRP was the first of ICANN’s Consensus Policies, and one that has been in place for more than to decades. Great care must be taken in the review of this policy which most will argue has been ICANN’s most successful policy in its relatively young history. The UDRP not only protects the intellectual property community by going after the bad faith registration and use of gTLD domains, but it also has been instrumental for registries and registrars to stay out of the middle of domain name disputes.

Prior to the UDRP, the one domain name registry/registrar was constantly in court defending itself against claims of contributory infringement and hoping that courts would not impose liability on it for allowing the registration of domain names by cybersquatters and not taking back names when notified about the abuse that was occurring on those names.

The passage of the UDRP drastically changed all of that. Registries and Registrars could extricate themselves from domain name disputes by referring the parties to the UDRP and agreeing to following/implementing the decisions. Courts agreed that following the UDRP served as a shield of liability for those registries and registrars that faithfully followed the policy. The bottom line in my view is that domain name registries and registrars need the UDRP as much as the IP Community.

The DNS Abuse Debate continues.

Although some progress has been made in defining and mitigating DNS Abuse with a number of registries and registrars signing a Framework to Address DNS Abuse, more discussions by the ICANN community will continue to take place both within and outside of ICANN. In my opinion, those registries and registrars that are serious of addressing true DNS abuse, will continue to educate the community on the already positive steps that they have been taking to combat phishing, pharming, malware, botnets, etc. as well a number of other non-DNS abuse issues (illegal pharmaceuticals, child exploitation, etc.).

Other groups will continue to press registries and registrars to do more to combat all sorts of other non-DNS forms of abuse, while others will strenuously argue that the more that is done, the more we threaten the civil liberties of domain name registrants. The community will realize that there is no right side or wrong side in this debate. Each side of those complicated debate is right.

Hopefully, a true sense of “multi-stakeholderism” will arise where domain name registries and registrars continue to mitigate abuse while disassociating themselves from those that are not as serious about combating abuse, ICANN will develop tools that will constructively assist with mitigating abuse (as opposed to focusing on contractual regulations), and the rest of the community will work on how to combat the growing problem without trampling on the rights of registrants. At the end of the day, all of us have a role in protecting end users on the Internet.

Note: I know the ePDP work on Universal Access will of course be ongoing, but I am sure others will give their thoughts on that. From a non-policy perspective, the domain name industry will continue to consolidate. We may very well see more registry/registrar combinations, registries purchasing other registries and private equity investment. We will see some more innovative uses of brand TLDs and others following suit.

Christa Taylor, CMO, MMX

Mugshot

  1. The predicted 2020 recession will reward agile organizations who embrace machine learning to enhance operational efficiencies, customer experiences and protect corporate profit margins. Naturally, organizations with high operating costs will be the hardest hit with impacts being felt in the second half of 2020.
  2. The potential recession combined with mounting pressures to increase efficiency will lead to a renewed focus on reaching niche markets to expand business.
  3. Protection and representation movement of identities will continue to gain strength and momentum in 2020 as more and more people recognize the importance of controlling their own personal data.
  4. Horizontal and vertical consolidation along with increased synergies will continue throughout the industry.
  5. The 4th industrial revolution (IoT, VR, AI, BC) will gather momentum and provide additional opportunities for the use of domain names.
  6. The next round of new gTLD applications will encounter unanticipated challenges causing delays.
  7. New gTLDs registrations will continue to grow in 2020.

Michele Neylon, CEO, Blacknight

MugshotI suspect we’ll see more consolidation across the domain and hosting space. Afilias will probably acquire a few more under-performing registry operators. Some will already be on their platform, while others will be using their competitors. CentralNic will continue to acquire companies that fit with their portfolio of services.

There’ll be more mergers and acquisitions across the hosting and domain registrar space with a small number of companies dominating most developed markets.

The PIR acquisition by Ethos Capital will close and the sky won’t fall. PIR will increase their wholesale price by a few percentage points which will upset domain investors. There’ll be increased calls on ICANN to take action, but these will be rebutted.

More country code operators will start using AI to combat abusive registrations. In some cases I suspect we’ll see more stringent registrant validation and verification policies being introduced, though many ccTLD operators will find it hard to balance maintaining new registration volumes while also increasing the overall “quality” of the registration base.

There’ll be an increase in internet shutdowns in less-developed democracies, while governments in Europe and elsewhere will increase pressure on social media companies to stop the spread of propaganda. Internet infrastructure companies will come under more pressure to deal with content issues.

As we enter a new decade the role of the internet in our daily lives, both business and personal will continue to grow.

The big challenges that lie ahead are going to be complex. Without increasing security there’s a tangible risk that consumers will lose trust in the system as a whole and governments will want to impose more regulations to ensure that. One of the challenges is going to be balancing those increased levels of security and consumer confidence while not stifling innovation.

It’s going to be a fun future!

Dave Piscitello, Partner, Interisle Consulting Group

MugshotExpect increased scrutiny of the domain registration business. Our study and others to follow will continue to expose enormous concentrations of abuse and criminal domain registrations at a small number of registrars.

Domains registered using bulk registration services will attract the most attention. We call these “burner domains”, because cybercriminals use these in a “register, use, and abandon” fashion that’s similar to how drug dealers use disposable or burner mobile phones.

Governments will become more insistent that ICANN does more than acknowledge their recommendations and then defer adoption. They will increase pressure to validate domain registration data and legitimate businesses will happily comply with the additional validation overhead because of the abuse mitigation benefits they’ll receive.

There’s a possibility that a government other than the EU will adopt a data protection regulation that exposes the flawed logic in the ill-conceived Temp Spec “one redaction fits all”. Having decided to “run with GDPR”, what will ICANN do when faced with a government that insists that email addresses be made public?

The governance model will also fall under scrutiny, as the “multi” in multi-stakeholder appears to be increasingly dominated by two stakeholder interests and public interest barely receives lip service.

Ben Crawford, CEO, CentralNic

Mugshot

  • There will be more creative ways to bake identity, cyber security, crime prevention and policing, and IP protection measures into domains and registration services
  • More registries will be auctioning their own deleting domains
  • Large tech firms, finance players and telcos will play and increasing role in the domain industry
  • Further consolidation of gTLDs as the bigger registry operators continue to acquire some of the smaller ones
  • More regulations impacting the domain name industry
  • Smart independents like .XYZ, Radix and .ICU (which went from zero to 4+ million DUMs in 18 months) will continue to dominate the nTLD space (without blowing $100m on the rights to their TLDs)

Jothan Frakes, Executive Director, Domain Name Association

Mugshot

Consolidation will continue — look for a lot of M&A activity and corporate development. Lots of moves and role changes with people changing companies as the consolidation occurs. With change comes great opportunity, and there will be a lot of change.

The industry is kicking off the year with oomph — the new location and format for NamesCon, billed as as the Domain Economic Forum in Austin. The event looks promising, as it begins refreshed and demonstrates the strengths of the team who produce Cloudfest. Austin, like Las Vegas, is a mecca for tech startups, but larger, so hopefully the convenience of the venue to the local tech companies, along with with GoDaddy demonstrating a heavier presence at the event this year will be a big lure to attract more new faces to this great industry (and event).

There will be more focus on making things easier for new customers to use and activate services on domain names. Cool technologies such as DomainConnect or other methods that enable “app store” type activation of domain names will continue to make it simpler for a domain name owner to activate, build and use their domains. This is a crucial evolutionary step in the business, as it plays a significant role in renewal rates and overall customer growth.

We’ll see further innovation in the use of domain names become more mainstream. IoT, GPS/Geo, AI, Bots, voice, AR/VR and other technologies will drive expanded use of domain names. Even Blockchain, which seems to have gotten more pragmatic about purpose, has a lot of promise with how it can interact with DNS now that the hype has scaled back and the designated drivers that remain are plowing forth with their efforts to deliver on the core purpose/benefits they set out to deliver.

Domains, as well as the cool things that you can do with them, will continue to be a growing business that enables people and organizations to build and do great things.

A very happy new year to all DI readers and supporters!

Introducing… the DI Leaders Roundtable

Kevin Murphy, October 7, 2019, Leaders Roundtable

Today, I’m introducing what I hope to be the first of several regular features, the DI Leaders Roundtable.

Every week or two, I’ll be putting a single question to a collection of domain industry and ICANN community leaders and compiling their responses in order to gain some insight into current thoughts on hot topics or broader industry trends from some of the space’s top thinkers.

I’ve tried to reflect a broad cross-section of the industry, with a mix of business, policy and technical expertise from registries, registrars, back-ends, new gTLDs, legacy gTLDs, investors, etc.

The initial line-up for the panel, which will likely evolve as time goes by, is, in alphabetical order.

Ben Crawford, CEO, CentralNic

MugshotCrawford is CEO of CentralNic, a triple-play domain company based in London and listed on the Alternative Investment Market. Initially a vendor of pseudo-gTLDs such as uk.com and gb.com, CentralNic has over the course of the last seven years evolved into a company that sells both its own self-managed TLDs, such as .sk, as well as acting as a back-end for the likes of .xyz, .site and .online. Describing itself as a consolidator, the company nowadays makes most of its money via the registrar side of the house as a result of a series of mergers and acquisitions, particularly the merger with KeyDrive last year.

Jothan Frakes, Executive Director, Domain Name Association

MugshotA long-time industry jack-of-all-trades, Frakes is currently executive director of the Domain Name Association, the prominent industry trade group. Frakes has acted in a number of roles at domain name companies, as well as co-founding the popular NamesCon conference back in 2014. His technical credentials can be exemplified by, among other activities, his participation in Mozilla’s Public Suffix List, while his policy nous could be vouched for by many who have worked with him during his 20 years of ICANN participation.

Richard Kirkendall, CEO, NameCheap

MugshotKirkendall founded leading budget registrar NameCheap in 2000 and has occupied the office of CEO ever since. A long-time Enom reseller, NameCheap’s popularity was for many years shrouded in mystery. It finally transferred the last of its Enom names over to its own accreditation in January 2018, revealing it to have 7.5 million gTLD names under management. It added a further two million over the next 18 months, and says it has over 10 million names in total. NameCheap is known for its low prices and for its occasional support for pro-freedom political causes such as the Electronic Frontier Foundation.

Milton Mueller, Professor, Georgia Tech

MugshotMueller is an academic and among the most prominent voices in ICANN’s Non-Commercial Stakeholder Group. Based at the School of Public Policy at the Georgia Institute of Technology, he founded the Internet Governance Project, an independent policy research outfit, in 2004. He’s the author of several books on the topic, and very active in ICANN policy development, including the current effort to balance privacy rights with commercial interests in the Whois system.

Jeff Neuman, Senior VP, Com Laude

MugshotNeuman is senior vice president of brand-protection registrar Com Laude and sister company Valideus, which provides new gTLD consultancy services to brand owners. From 2000 until 2015, he worked in senior policy and registry business roles at Neustar, helping to apply for and launch .biz in 2001. A noted ICANN policy expert, Neuman has sat on various ICANN working groups and currently co-chairs the New gTLD Subsequent Procedures Policy Development Process, which is developing the rules for the next round of new gTLDs.

Jon Nevett, CEO, Public Interest Registry

MugshotNevett is CEO of Public Interest Registry, which manages the 10-million-domain-strong legacy gTLD .org and a handful of new gTLDs. Prior to PIR, he was executive vice president of Donuts, and one of its four co-founders. He’s been in the domain business since 2004, when he joined Network Solutions as a senior VP on the policy side of the house. Nevett has also been involved in ICANN policy-making, including a stint as chair of the Registrars Constituency.

Michele Neylon, CEO, Blacknight

MugshotNeylon is CEO and co-founder of Blacknight Internet Solutions, a smaller registrar based in Ireland. Known for his “often outspoken” policy views, he’s a member of several ICANN working groups, sits on the GNSO Council representing registrars, and is a member of stakeholder group committees for various ccTLD registries including .eu, .ie and .us. Blacknight has almost 60,000 gTLD registrations to its name but also specializes in serving its local ccTLD market.

Dave Piscitello, Partner, Interisle Consulting Group

MugshotPiscitello is currently a partner at security consultancy Interisle Consulting Group, having retired from his role as vice president of security and ICT coordination at ICANN last year. With over 40 years in the security business, he’s also a board member of the Coalition Against Unsolicited Commercial Email (CAUCE) and the Anti-Phishing Working Group (APWG). Interisle is an occasional ICANN security contractor.

Sandeep Ramchamdani, CEO, Radix Registry

MugshotRamchandani is CEO of Mumbai-based new gTLD registry Radix, which currently has a portfolio of 10 gTLDs and one ccTLD. It’s known primarily for its low-cost, high-volume, pure-generic business model, which has seen its two best performers, .online and .site, rack up almost three million domains between them. Radix is a unit of Directi Group, which is where Ramchandani cut his teeth for almost a decade before taking the reins of Radix in 2012.

Frank Schilling, CEO, Uniregistry

MugshotSchilling started off as a domain investor at the second level, 19 years ago, eventually managing hundreds of thousands of secondary-market domains with his company Name Administration, before founding Uniregistry in order to invest in new gTLDs in 2012. As a registry, Uniregisty has about a quarter of a million names spread across its 22-TLD portfolio; as a registrar it has over 1.2 million domains under management. Schilling is widely considered one of the most successful domain investment pioneers.

Rick Schwartz, aka the “Domain King”

MugshotSchwartz is viewed by domain investors as one of the most successful domainers of all time, and is known for his forthright, blunt criticisms of both new gTLDs and poor domain investment strategies. He’s been buying and selling domain names since 1995, and has sold several category-killer .com domains for seven-figure sums. Schwartz also founded the T.R.A.F.F.I.C. domainer conference in 2004, and it ran for 10 years.

ICANN must do more to fight internet security threats [Guest Post]

ICANN and its contracted parties need to do more to tackle security threats, write Dave Piscitello and Lyman Chapin of Interisle Consulting.

The ICANN Registry and Registrar constituencies insist that ICANN’s role with respect to DNS abuse is limited by its Mission “to ensure the stable and secure operation of the internet’s unique identifier systems”, therefore limiting ICANN’s remit to abuse of the identifier systems themselves, and specifically excluding from the remit any harms that arise from the content to which the identifiers point.

In their view, if the harm arises not from the identifier, but from the thing identified, it is outside of ICANN’s remit.

This convenient formulation relieves ICANN and its constituencies of responsibility for the way in which identifiers are used to inflict harm on internet users. However convenient it may be, it is fundamentally wrong.

ICANN’s obligation to operate “for the benefit of the Internet community as a whole” (see Bylaws, “Commitments”) demands that its remit extend broadly to how a domain name (or other Internet identifier) is misused to point to or lure a user or application to content that is harmful, or to host content that is harmful.

Harmful content itself is not ICANN’s concern; the way in which internet identifiers are used to weaponize harmful content most certainly is.

Rather than confront these obligations, however, ICANN is conducting a distracting debate about the kinds of events that should be described as “DNS abuse”. This is tedious and pointless; the persistent overloading of the term “abuse” has rendered it meaningless, ensuring that any attempt to reach consensus on a definition will fail.

ICANN should stop using the term “DNS abuse” and instead use the term “security threat”.

The ICANN Domain Abuse Activity Reporting project and the Governmental Advisory Committee (GAC) use this term, which is also a term of reference for new TLD program obligations (Spec 11) and related reporting activities. It is also widely used in the operational and cybersecurity communities.

Most importantly, the GAC and the DAAR project currently identify and seek to measure an initial set of security threats that are a subset of a larger set of threats that are recognized as criminal acts in jurisdictions in which a majority of domain names are registered.

ICANN should acknowledge the GAC’s reassertion in its Hyderabad Communique that the set of security threats identified in its Beijing correspondence to the ICANN Board were not an exhaustive list but merely examples. The GAC smartly recognized that the threat landscape is constantly evolving.

ICANN should not attempt to artificially narrow the scope of the term “security threat” by crafting its own definition.

It should instead make use of an existing internationally recognized criminal justice treaty. The Council of Europe’s Convention on Cybercrime is a criminal justice treaty that ICANN could use as a reference for identifying security threats that the Treaty recognizes as criminal acts.

The Convention is recognized by countries in which a sufficiently large percentage domain names are registered that it can serve the community and Internet users more effectively and fairly than any definition that ICANN might concoct.

ICANN should also acknowledge that the set of threats that fall within its remit must include all security events (“realized security threats”) in which a domain name is used during the execution of an attack for purposes of deception, for infringement on copyrights, for attacks that threaten democracies, or for operation of criminal infrastructures that are operated for the purpose of launching attacks or facilitating criminal (often felony) acts.

What is that remit?

ICANN policy and contracts must ensure that contracted parties (registrars and registries) collaborate with public and private sector authorities to disrupt or mitigate:

  • illegal interception or computer-related forgery,
  • attacks against computer systems or devices,
  • illegal access, data interference, or system interference,
  • infringement of intellectual property and related rights,
  • violation of laws to ensure fair and free elections or undermine democracies, and
  • child abuse and human trafficking.

We note that the Convention on Cybercrime identifies or provides Guidance Notes for these most prevalently executed attacks or criminal acts:

  • Spam,
  • Fraud. The forms of fraud that use domain names in criminal messaging include, business email compromise, advance fee fraud, phishing or other identity thefts.
  • Botnet operation,
  • DDoS Attacks: in particular, redirection and amplification attacks that exploit the DNS
  • Identity theft and phishing in relation to fraud,
  • Attacks against critical infrastructures,
  • Malware,
  • Terrorism, and,
  • Election interference.

In all these cases, the misuse of internet identifiers to pursue the attack or criminal activity is squarely within ICANN’s remit.

Registries or registrars should be contractually obliged to take actions that are necessary to mitigate these misuses, including suspension of name resolution, termination of domain name registrations, “unfiltered and unmasked” reporting of security threat activity for both registries and registrars, and publication or disclosure of information that is relevant to mitigating misuses or disrupting cyberattacks.

No one is asking ICANN to be the Internet Police.

The “ask” is to create policy and contractual obligations to ensure that registries and registrars collaborate in a timely and uniform manner. Simply put, the “ask” is to oblige all of the parties to play on the same team and to adhere to the same rules.

This is unachievable in the current self-regulating environment, in which a relatively small number of outlier registries and registrars are the persistent loci of extraordinary percentages of domain names associated with cyberattacks or cybercrimes and the current contracts offer no provisions to suspend or terminate their operations.

This is a guest editorial written by Dave Piscitello and Lyman Chapin, of security consultancy Interisle Consulting Group. Interisle has been an occasional ICANN security contractor, and Piscitello until last year was employed as vice president of security and ICT coordination on ICANN staff. The views expressed in this piece do not necessary reflect DI’s own.