Recent Posts
- Largest back-end switch EVER as GoDaddy loses deal
- Yeah, we got phished, ICANN admits after crypto hack
- ICANN hacked to promote crypto scam
- Super Bowl a bit of a dud for .com?
- More gloom predicted for .com
- These are the .gov domains Trump has deleted so far
- Did Trump just create the world’s next ccTLD?
- $3,000 to do a Whois lookup?
- PIR to join GlobalBlock, but its crown jewel won’t
- LA wildfire victims get domain deletes delay
- .free domains to finally arrive as Amazon reveals three gTLD launches
- Six more gTLDs shown the door, five may be auctioned
- Registrar terminated after ignoring Whois transition
- $10 million ICANN giveaway winners picked
- Whois officially died today
- Typo left MasterCard open to hackers for years
- Could ICANN approve an R-word gTLD?
- These are the TLD growers and shrinkers of 2024 (part two)
- GoDaddy ordered to stop lying about crappy security
- These are the TLD growers and shrinkers of 2024 (part one)
- Dead terrorist domains for sale, just without the hyphens
- ICANN eyes more price hikes as it predicts dismal year for industry
- Meet the six people battling to join ICANN’s board
- New gTLD use cases not much use
- Defensive dot-brands are renewing, making ICANN millions
- Identity Digital offers free domain trials through LinkedIn
- Antisemitic remarks cost registrar dearly
- ICANN lawyers want to keep their clients secret
- Facebook cybersquatter asks ICANN to overturn UDRP ruling
- .xxx founder Stuart Lawley has died
- The new gTLD Next Round is really happening as two ICANN programs go live
- Verisign has much to be thankful for as .com contract renewed
- Another 40,000 .ai domains registered
- RDRS usage hits new low
- A dot-brand that was actually used is shutting down
- .id joins the million-domain club
- GoDaddy’s .xxx contract renewed
- Twitter clone Bluesky has one feature domain people should like
- ICANN confirms two bans on new gTLD gaming
- eBay slogan domain no longer has a BIN price
- Will Donald Trump be .io’s white knight?
- As customers flee legacy gTLDs, .org tops 11 million names
- Company accidentally puts porn domain on kids’ toys
- eBay’s new slogan looks like a $75,000 domain it doesn’t own
- Americans are deserting .com
- Weak Q3 for the domain universe, Verisign reports
- ICANN says it WILL raise its domain taxes soon
- Senator says domain industry “enables” Russian disinfo attacks
- bit.ليبيا? Libya to get its Arabic ccTLD
- Verisign gets eight more years running the root
- Two-horse race for open ICANN board seat
- Chinese say internet not ready for single-letter gTLDs
- Unloved INTA slams ICANN over new gTLDs
- Namecheap scores win in .org price-cap lawsuit
- Some Guy wants to take over .com and .net
- Second-shot gTLD bid rules revealed
- Nominet names directors after tight election
- Lawyer ban coming to ICANN
- Identity Digital to take over .ai
- ICA teams up with WIPO on UDRP reform
- Response to sex harassment lawsuit “inadequate”, say ICANN vets
- Unstoppable tops four million names
- Amazon readying fashion and book gTLDs
- Five times ICANN deleted a ccTLD, and what it means for .io
- Future of .io domains uncertain as UK hands over Chagos islands
- .ai now has over half a million names
- UK and Israel cut ICANN funding
- Twitter now up-to-date on linkification
- Moment of truth as .music domains finally go on sale
- ICANN fixes embarrassing “What is a Domain Name?” mistake
- Another ccTLD opens up its second level
- Reporter gains first access to .io island for decades
- .io sells $40 million of domains after massive uptick
- After five years, “useless” TLD has two web sites
- Verisign agrees to .com takedown rules
- New .com contract could see ALL domain prices go up
- Investing in .ad domains may be risky
- Plurals ban policy handed to ICANN board
- Three .now domains sell at premium EAP prices
- ICANN confirms new gTLD application fee
- New gTLD application fee rises by thousands after collision call
- Former .co registry defeated in $350 million contract fix case
- Is this the first Next Round new gTLD contention battle?
- ICANN names its Supreme Court judges
- Who uses Sunrise nowadays? You might be surprised
- ICANN gunning for Tencent over abuse claims
- All the one-character .sk domains to be auctioned
- Straggler gTLD signs first ICANN contract for years
- GoDaddy likely to win relaxed .xxx deal
- Tonkin promoted to CEO at auDA
- ICANN hires new Ombuds from WIPO
- Big twist as ICANN bans new gTLD auctions
- ICANN to “strengthen” harassment rules as it picks another homophobic meeting host
- .my global relaunch starts slowly despite cheapo prices
- Hackers break .mobi after Whois domain expires
- The new gTLD next, next and next round
- Squarespace gets sweetened $7.2 billion takeover offer
- ICANN hit by DDoS attack
- Russia calls for ICANN to split from US
- China loses over half a million domains
- ICANN to be director light for months
- FBI seizes Russian fake news domains
- Chinese registrars back in trouble after porn UDRP suspension
- Sataki quits ICANN board
- Microsoft switches two gTLDs from GoDaddy to Nominet
- ICANN homes in on new gTLD application fee
- Four more dot-brands switch back-ends
- Uzbekistan gets its first ICANN registrar
- Almost 100,000 .tr domains registered in one day
- ICA finally comments on .com pricing talks
- Unstoppable reveals gTLD bid doomed to fail
- RDRS usage stabilizing?
- “Frat boy culture” ICANN faces more sexual harassment claims
- Unstoppable gets ICANN accreditation
- AI and games among July’s interesting dot-brand domains
- ICANN U-turns on appeals loophole after community revolt
- ICANN to terminate five new gTLDs
- US could change .com pricing terms
- Two out, two in as NomCom picks new ICANN directors
- .cv domains now on sale worldwide
- It’s official, .internal is blocked forever
- Amazon to launch two new gTLDs this month
- Revealed: who’s really running Epik
- ICANN swaps out Asia VP
- No .uk price hikes despite tumbling sales
Largest back-end switch EVER as GoDaddy loses deal
It’s going to be the largest ever migration of a single TLD between back-end registry service providers, but it was announced without fanfare late last week.
On page four of Tucows CEO Elliot Noss’s prepared fourth-quarter remarks to analysts last week, he revealed the company has beaten GoDaddy to take over the contract to run India’s .in ccTLD:
Tucows Domains was recently selected to be the technical services provider for the .IN country code domain, operated by the National Internet Exchange of India. Our teams are closely collaborating and we are establishing a dedicated team in India to support this initiative
Noss said that the migration involves “approximately 4 million domains” and will take place “later this year”.
While NIXI does not publish its registration numbers, Verisign’s Domain Name industry Brief put .in at 4.1 million names at the end of 2024.
Even accounting for upwards rounding by Noss, 4 million names would make the migration the largest in the history of the DNS.
The current record was set in 2018, when Afilias (now Identity Digital) took over Australia’s .au from Neustar (now GoDaddy. There were 3.1 million names in .au at that time.
When Neustar/GoDaddy took over .in from Afilias/Identity Digital in 2019, it was reportedly because it had bid $0.70 per domain, undercutting the incumbent’s offer of $1.10
But, while the deal is surely worth many millions (maybe $10 million over five years if we guess at a $0.50 bid) to Tucows’ top line, it may not be especially profitable.
Noss said in his remarks to analysts: “The pricing and margin contribution for this piece of business is typical of a large, high volume customer.”
But a demonstrable track record of handling large migrations often comes up in registry RFPs, so the .in deal puts Tucows in a strong position in future contract opportunities.
Yeah, we got phished, ICANN admits after crypto hack
ICANN has confirmed that a phishing attack was responsible for the hacking of its Twitter account last night.
The Org placed this statement, which suggested that the attack may have been more sophisticated than you might have thought, on its home page earlier this evening:
On 11 February 2025, ICANN became aware of a successful phishing attack on our ICANN X [Twitter] account. We are investigating the root cause of the issue and working to resolve it as soon as possible. ICANN uses multi-factor authentication on all social media platforms and has confirmed that none of our other accounts have been impacted.
The hack saw ICANN’s Twitter account tweet several messages promoting a newly created memecoin cryptocurrency called $DNS, presumably to scam would-be investors out of money.
The compromise, which seemed to be timed to close of business in ICANN’s home in California, did not last long and the tweets were swiftly deleted.
Now ICANN seems to have confirmed that one of its staffers was phished to obtain @ICANN’s login credentials, but the fact that the account was protected by multi-factor authentication creates an additional wrinkle.
Twitter offers three MFA methods — codes delivered via SMS, a mobile authenticator app, or a hardware token.
In each case, logging in requires the user to have a physical device in their hand to create the secondary login credential. The victim would have had to provide this time-limited one-time password to the attacker too.
I hope the staffer who got suckered, presumably a member of the comms team, isn’t getting too much of a bollocking today, as these kinds of attacks are increasingly sophisticated and managing online life increasingly complex.
Just a day earlier, the well-known BBC political journalist Nick Robinson, who presents the popular Today show on Radio 4, got phished in what one assumes was a very similar way and for an identical purpose.
This BBC article goes into some detail about the attack on Robinson, including screenshots of the phishing email he fell for, and goes a way to explain how even somebody trained to avoid this kind of stuff can have a moment of vulnerability.
While few of Robinson’s one million Twitter followers could have seriously believed that Today had launched a memecoin, it’s more plausible that somebody familiar with crypto and somewhat aware of ICANN could have believed that ICANN would. The two areas of tech increasingly intersect nowadays.
When the attack proved successful, the bad guy must have thought all of her Christmases had come at once.
ICANN says it is going to post more information to its cybersecurity incident log as its investigation progresses.
If it turns out the phish was successful because somebody didn’t check the domain name of the link they were clicking on, it could be fascinating reading.
ICANN hacked to promote crypto scam
ICANN’s Twitter account appeared to be hacked briefly last night, and was used to promote what looks like a pump-and-dump cryptocurrency scam.
A series of tweets from the official @ICANN account plugged a memecoin named $DNS from around 0200 UTC today, just when ICANN’s California crew would have been clocking off for the day.
“2025: The Internet Gets Its Own Currency. @icann is redefining digital ownership with $DNS – the first memecoin to merge domain governance & Web3 culture,” one of the tweets read, according to a screen capture from domain lawyer John Berryhill.
ICYMI pic.twitter.com/f8R3AzaLaO
— John Berryhill (@Berryhillj) February 12, 2025
The posts linked to dnscoin.org, which at the time was a live web site promoting “$DNS. Own the Internet Again. ICANN’s decentralized memecoin for domain governance”, according to what little remains visible in Google’s index.
The domain, which had been registered for years, has already been deleted entirely. Not suspended. It’s just gone.
ICANN seems to have restored control over its Twitter account fairly quickly, but Berryhill’s caps show the scam tweets were viewed by at least a couple thousand of @ICANN’s 104,000 followers.
The apparent scam appears to be either a modern-day pump-and-dump scheme, where investors hype up a crypto coin only to cash out when its value peaks, or what crypto investors call a “rug pull”, which is more akin to straightforward theft.
Either way, it seems possible that some people may have lost some money, and ICANN’s not-great reputation for security has certainly suffered another embarrassing setback.
It seems likely that @ICANN either had a weak password, or somebody with access to the account got their device compromised in some way.
ICANN, no doubt sifting through the evidence this morning, has yet to publish an official statement.
Super Bowl a bit of a dud for .com?
Having two of its largest registrars advertising during Sunday’s Super Bowl broadcast doesn’t seem to have given Verisign’s declining .com flagship much of a boost.
According to numbers published on the company’s web site, .com has grown by about 30,000 domains in the last two days.
While that’s certainly not to be sniffed it, it’s well within the parameters of a normal day’s operation for .com. The TLD’s zone file shrinks more days than it grows nowadays, but five-figure daily upticks are not uncommon.
GoDaddy and Squarespace both took out 30-second spots during the Super Bowl. Both featured high-profile actors and had high production values, but neither mentioned domain names once.
GoDaddy’s focused on its Airo tool and Squarespace’s… goodness knows what that was all about.
Verisign CEO Jim Bidzos last week told analysts that the two commercials were a sign that its registrar partners are starting to focus more on customer acquisition, which should help .com return to growth.
More gloom predicted for .com
Verisign is predicting more shrinkage at .com and .net in 2025, despite a few notes of optimism from its CEO.
The company said last night that its two flagship gTLDs shrunk by a combined 3.7 million domains in 2024, a 2.1% decrease, as I flagged up a couple weeks ago, and that its growth this year will be between negative 2.3% and negative 0.3%.
The quarterly loss was around 500,000 domains. Verisign ended the quarter with 169 million domains under management.
CEO Jim Bidzos again told analysts that the shrinkage was partly due to weakness in China and partly due to American registrars concentrating on profit margins over customer acquisition.
Growth was positive in the EMEA region, he said, without quantifying it.
Bidzos said that marketing programs the company recently launched show early signs of adoption by registrars, and that he expects registrars to refocus on customer acquisition as part of a cyclical trend.
He pointed to the fact that two registrars — presumably GoDaddy and Squarespace — have taken out pricey Super Bowl TV ads this weekend as an encouraging sign.
He said that Verisign is “considering looking at” applying for new gTLDs next year and is “looking at the potential for applications”.
The company reported Q4 net income of $191 million, down from $265 million a year earlier, on revenue that was up 3.9% at $395 million.
For the full year, Verisign had net income of $786 million versus $818 million in 2023, on revenue that was up 4.3% at $1.56 billion.
These are the .gov domains Trump has deleted so far
US government domain names covering policies on child support benefits, law enforcement accountability, and clean energy are among over a dozen deleted by the Trump administration since January 20.
The deletions, some of which seem to be linked to the overturning of former Presiden Biden’s executive orders, may give some insight into the new administration’s priorities.
Notably, childtaxcredit.gov has been deleted from the .gov zone file, based on a comparison of the January 19 and February 6 zone files.
The domain previously redirected to a page on whitehouse.gov that espoused the virtues of the Child Tax Credit, which since 1997 has provided tax breaks to American families currently worth $2,000 per child.
That page has also been deleted, though versions can be found on Archive.org.
Also deleted is nlead.gov, the domain for the Biden-created National Law Enforcement Accountability Database, which sought to make records of police misconduct available to LEA recruiters. The web site is now down.
The domains build.gov, invest.gov and others that promoted the Biden-era $568 billion Infrastructure Investment and Jobs Act, also known as the Bipartisan Infrastructure Law, are also gone.
Also deleted, publicserviceloanforgiveness.gov and pslf.gov, which promoted Biden’s student loan forgiveness project, and cleanenergy.gov, which promoted his environmental investment policies.
Here’s the list of domains that have been deleted since January 20. I’ve excluded names that appear to have been owned by state and local governmental registrants.
build.gov
buildbackbetter.gov
childtaxcredit.gov
cleanenergy.gov
economicopportunity.gov
invertir.gov
invest.gov
investinamerica.gov
investinginamerica.gov
nlead.gov
pslf.gov
publicserviceloanforgiveness.gov
unitedwestand.gov
whitehousedrugpolicy.gov
The domains in most cases are still registered, according to Whois records, so they could come back online at a later date, but the fact they have been deleted from the .gov zone file means they no longer resolve.
As DomainGang notes, the domains dei.gov and waste.gov are among those that have been registered since Trump’s inauguration, though neither currently resolve.
About 150 .gov domains have entered the zone file since January 20, but almost all appear to represent small towns around the country, rather than the federal government.
Did Trump just create the world’s next ccTLD?
Could there be a .gz?
I’m sometimes happy that DI has such a narrow beat. Today, it means I don’t have to discuss the legal, political, moral or ethical implications of US President Donald Trump’s just-announced plan for Gaza.
At a press conference last night, Trump said he wants the Palestinians to leave Gaza, to be resettled elsewhere in the region, and for the US to “take over” the territory and have a “long-term ownership position” on it.
The details of Trump’s aspiration are not immediately clear. Is he talking about a military occupation? Annexation? Does he just want to build another golf course?
It’s almost certainly too early to speculate, so let’s speculate.
With Trump talking about US ownership of Gaza, it is not beyond the bounds of possibility that Gaza’s future, should his plan come to fruition, is as a US territory, or something very much like one.
Populated territories of any nation in general get their own ccTLD. Puerto Rico’s .pr and Guam’s .gu are two examples of US territories with their own ccTLDs.
The US annexation of Gaza would not necessarily even have to be legal under international law or recognized by America’s peers in the United Nations to create the possibility of a new ccTLD.
The path to the root involves a lot of buck-passing and at no point includes a qualitative evaluation of whether a territory is legal or otherwise deserving of recognition.
As you may know, ICANN’s IANA department is responsible for adding and removing ccTLDs from the DNS root, but it takes its cues from the International Organization for Standardization.
Under long-standing IANA convention known as ICP-1, any territory with a two-letter code on the ISO 3166-1 alpha-2 list qualifies for a ccTLD. If a registry can show technical nous and local support, it can claim the TLD.
But the ISO takes its cues in turn from the Statistics Division of the United Nations Secretariat, and its M49 standard, “Standard Country or Area Codes for Statistical Use”.
A territory appears on that list as a matter of “statistical convenience” for the UN, and does not imply that the UN or its member states recognize that territory politically.
Palestine itself was granted its ccTLD, .ps, a quarter-century ago, as “Occupied Palestinian Territory”, despite the legal status of the territory being disputed, because UN Stats and ISO decided to put it on their lists.
So Gaza could possibly get its own ccTLD if the US takes it over and splits it from the West Bank, even if it becomes a contested hell-hole where the luxury beachfront hotels are bombed to rubble faster than Trump can build them.
.gz is available, assuming Gaza is not renamed Trumpland or Disneyworld East or something.
$3,000 to do a Whois lookup?
ICANN’s Registration Data Request Service cost hundreds, maybe even thousands, of dollars every time it was used in its first year, according to an analysis of official stats.
RDRS is the system designed to connect entities such as trademark owners, security researchers, and law enforcement with registrars, allowing them to request private domain registration data that is usually redacted in Whois records.
It’s running as a two-year pilot, in order to gauge demand and effectiveness, and its first full month of operation was December 2023.
ICANN has been publishing monthly transparency reports, including data such as number of requests and outcomes, and we know how much it cost the Org to develop and operate, so it should be possible to make some back-of-the-envelope calculations about how much each request costs the ICANN taxpayer.
The cost could range from about $300 to over $3,000 per request, even using some fairly generous assumptions.
RDRS cost $1,647,000 to develop, which is pretty much a shoestring by ICANN standards. Most of that was internal staffing costs, with some also being spent on external security testing services.
The total operational cost for the first 10 months was $685,000. Before ICANN publishes its calendar Q4 financials later this month, we could extrapolate that the first 12 months of operation was around $800,000, but let’s be generous and stick with $685,000 for this particular envelope’s backside.
While there were 7,871 registered requesters at the end of November 2024, they had collectively only submitted 2,260 requests over the same period.
Only 2,057 of those requests had been closed at the end of the period, and only 23% of closed requests resulted in registrar approval and data being fully handed over to the requester.
That works out to 474 approved requests in the first year.
With the most-generous assumptions, $685,000 of ops costs divided by 2,260 requests equals $303 per request.
If we only count approved requests, we’re talking about $1,445 per successful Whois lookup equivalent.
But we should probably switch to an envelope with a larger rear end and include the $1.6 million development costs in our calculations too.
If we factor in half of those costs (it’s a two-year pilot), we’re looking at about $666 per request or $3,181 per successful request in the first 12 months.
If the system was more widely used, the per-request cost would of course fall under this calculation, but there’s no indication that usage is significantly on the increase just yet.
These are only the costs incurred to ICANN. Registrars on one side of the service and requesters on the other also bear their own costs of working with the service.
Dealing with RDRS is not the same as doing a Whois lookup. You have to deal with a much lengthier form, add attachments, make a reasoned legal case for your request, etc. It eats work-hours and staff need to be trained on the system.
It may seem that $3,181 to do a Whois lookup is too expensive for the ICANN taxpayer.
And maybe it is, if it’s being predominantly used to assist (say) Facebook’s trademark enforcement strategy.
But if those Whois lookups help law enforcement more quickly nail a gang of fentanyl dealers or child sexual abuse material distributors, maybe the costs are more than justified.
At the end of November the number of requests from law enforcement was 15.6% of the total, while IP holders accounted for 29.7%, ICANN stats show.
ICANN’s board of directors will decide towards the end of the year whether the RDRS pilot has been successful and whether it should continue indefinitely.
PIR to join GlobalBlock, but its crown jewel won’t
Public Interest Registry is set to join GlobalBlock, the multi-TLD trademark blocking network, following approval of a series of ICANN registry contract amendments.
It will become easily the largest registry operator, by domains under management, to sign up for the service. But its crown jewel, .org, will not be included, I’m told.
.charity, .foundation, .gives, .giving, .ngo and .ong, along with four translations in non-Latin scripts, will become part of GlobalBlock, meaning trademark owners will get to block their brands rather than defensively register them, saving a bit of money.
But the protections will not extend to .org, which with over 11 million domains is the third-largest gTLD. This is probably quite telling.
GlobalBlock says it currently blocks domains in 634 “extensions”, by which it means a mix of gTLDs, ccTLDs, and second-level domains in the consensus DNS, as well as some newer blockchain-based namespaces.
LA wildfire victims get domain deletes delay
Victims of the recent wildfires in the Los Angeles area have been offered special relief from renewing their expiring domains, according to an ICANN note to registrars.
Registrars were told last week that they “will be permitted to temporarily forebear from canceling domain registrations that are unable to be renewed because of the impact of the fires in Los Angeles, California, on domain name registrants.”
The LA fires reportedly destroyed or damaged 18,000 buildings, killed 29 people, and turned 200,000 into evacuees.
The Registrar Accreditation Agreement gives ICANN the discretion to allow its registrars to keep domains alive beyond their usual lifespan due to “extenuating circumstances”.
That’s been taken to mean natural disasters including hurricanes Maria, Helene and Milton, the earthquakes in Türkiye and Syria in 2023, the Covid-19 pandemic, as well as the Russian invasion of Ukraine.
The idea is to help victims of disasters keep their domains — and therefore often their livelihoods — after the usual renewal date if their credit cards are buried under a pile of rubble and they have more important things on their minds.
Los Angeles is the home of ICANN’s corporate headquarters.
Recent Comments