Latest news of the domain name industry

Recent Posts

Registrar terminated after what looks like domain hijacking

Kevin Murphy, January 10, 2020, Domain Registrars

ICANN has canned its first registrar of the year.

Los Angeles-based World Biz Domains will be going out of bizness after ICANN terminated its registrar contract earlier this week, following its non-responsiveness to what appears to be case of domain hijacking.

It’s a nothing registrar, with fewer than 100 domains under management, but it once had over 5,000.

The termination comes following the suspension I blogged about in October, which was related to the transfers to World Biz of 15 potentially valuable domains in late 2018.

The names were all either short numerics or the names of famous places in Singapore and Malaysia.

ICANN spent most of last year demanding records showing that the transfers were legit, but was ghosted.

World Biz allegedly also had failed to deliver Whois records in the proper format, and was behind on its ICANN accreditation fees.

The company will lose its accreditation officially on January 22.

GoDaddy girls often make more money than the men

Kevin Murphy, December 12, 2019, Domain Registrars

Women in some roles at GoDaddy are making more money than their male counterparts, according to data released by the registrar today.

In technical positions in the US, female employees are making on average $1.03 for every $1 men make, GoDaddy said. Women in leadership positions make two cents more than men.

But women in non-techie, non-leadership jobs make a penny less than males, the company said.

“The 2019 global salary data shows that GoDaddy is paying men and women at parity across the company, when comparing men and women in like roles,” GoDaddy said.

The new data also shows that 29% of GoDaddy employees globally are female, which is the same as last year.

But the proportion of women in technical jobs decreased by two points to 17%.

Meanwhile, 36% of non-technical roles are staffed by women, up one point from 2018.

In the US, the female contingent was a little higher — 30% overall, 19% of techies and 37% of non-techies.

The male-female mix at GoDaddy appears to be in the same ballpark as what we generally see with attendance statistics coming out of ICANN meetings — roughly 70/30.

GoDaddy started publishing this data five years ago as part of a plan to foster diversity, reduce unconscious bias, and generally get away from its roguish foundational image as a company that flogged millions of domains with “GoDaddy Girls” — usually busty spokesmodels in skimpy clothing.

AlpNames died months ago. Why is it still the “most-abused” registrar?

Kevin Murphy, December 6, 2019, Domain Registrars

Despite going out of business, being terminated by ICANN, and losing all its domains several months ago, defunct AlpNames is still being listed as the world’s most-abused registrar by a leading spam-fighting organization.

SpamHaus currently ranks the Gibraltar-based company as #1 on its list of the “The 10 Most Abused Domain Registrars”, saying 98.7% of its domains are being used to send spam.

But AlpNames customers and regular DI readers will recall that AlpNames mysteriously went titsup in March, then got terminated by ICANN, then had its entire customer base migrated over to CentralNic in April.

So what’s this about?

SpamHaus

I asked SpamHaus earlier this week, and it turns out that Whois query throttling is to blame.

It seems SpamHaus only pings Whois to update the registrar associated with a specific domain when the domain expires, or the name servers change, or where it’s a new registration with an unknown registrar.

I gather that when CentralNic took over AlpNames’ customer base, it did so with all the original name server information intact.

So, SpamHaus’ database still associates the domains with AlpNames even though it’s been out of business for the better part of a year.

A SpamHaus spokesperson said:

This is a very unusual situation, as a huge majority of the domains that contribute to the Top 10 list in question are created, abused, and burnt quickly; meaning a change of registrar is exceptionally rare. However, in the case of these particular domains registered with AlpNames we can only assume that the sheer volume of unused domains was too high for the owner to use in one single hit.

The actual number of “AlpNames” domains rated as spammy by SpamHaus is pretty low — 1,976 of the 2,002 domains it saw were rated as “bad”.

GMO, at #4 on the list, had over 40,000 “bad” domains, but a lower percentage given the larger number of total domains seen.

Web.com got pwned

Kevin Murphy, November 4, 2019, Domain Registrars

Web.com, which owns top 20 registrars Network Solutions and Register.com, got itself and millions of its customers hacked a few months ago.

The company disclosed last week that malicious hackers broke into its network in late August, making off with customer account information.

The attack was not discovered until October 16.

The compromised data included “name, address, phone numbers, email address and information about the services that we offer to a given account holder”, Web.com said.

“We encrypt credit card numbers and no credit card data was compromised as a result of this incident,” it added.

Customers are being told to change their password next time they log in to their services.

It’s not clear how many registrants were affected. The NetSol accreditation has over seven million domains in the gTLDs alone, while Register.com has almost 1.8 million.

Web.com said it brought on a private security firm to investigate the attack, and informed US law enforcement.

After killing the cows, what does the new Tucows logo remind you of?

Kevin Murphy, October 7, 2019, Domain Registrars

Tucows has launched a refreshed corporate web site that features a new cow-free logo.

Judging by a video posted on the Tucows.com home page over the weekend, the redesign is largely intended to make the company more appealing to prospective employees, many of whom were confused about what exactly Tucows does.

It is of course the second-largest domain registrar by volume, via its Enom, OpenSRS, EPAG and Hover brands, as well as a virtual mobile phone operator in North America under the brand Ting.

There was a time when the site was a cluttered storefront, but all the customer-facing stuff has long since been devolved to the company’s various branded web sites.

Here are the two logos side by side.

Old Tucows LogoNew Tucows Logo

You’ll notice the cows no longer feature. In much the same way as GoDaddy killed off its cartoon “daddy” character last year, Tucows appears to be maturing out of its quirkier roots into a more professional-looking outfit.

Warner Music LogoBut what does the new logo remind you of? I was immediately put in mind of the Warner Music logo, which is basically a flipped version of the Tucows’ stylized W. They even have a similar color scheme.

It’s sufficiently different to avoid confusion, of course, but the similarities are very striking, I thought.

Registrar suspended over dodgy transfers

Kevin Murphy, October 1, 2019, Domain Registrars

ICANN has suspended a Los Angeles-based registrar after failing to get answers to its questions about a bunch of domain transfer.

World Biz Domains won’t be able to sell any gTLD domains, or accept transfers, from October 16 until January 13 next year. It will also have to post ICANN’s suspension notice on its home page.

Its crime? Failing to provide ICANN with records proving that the change of registrant requests for 15 potentially valuable domain names were legitimate.

ICANN has been badgering World Biz for these records since April, but says it was given the runaround.

The domains in question — 28.net, 68.net, 88.org, changi.com, tay.net, goh.net, koh.net, kuantan.com, yeong.com, merlion.org, og.net, raffles.net, sentosa.org, sg.org and shenton.com — all appear to have been registered to a Singaporean investor using the registrar DomainDiscover until about a year ago.

The non-numeric names all have significance to Singapore or neighboring Malaysia one way or the other. Some of them are arguably UDPR fodder.

Shenton is a busy street and hotel in the city, Merlion is Singapore’s lion mascot, Sentosa is a Singaporean island, and Raffles is of course the name of the famous hotel. Other domains on the list are common Chinese surnames used by Singaporeans.

It appears that about a year ago, according to DomainTools’ historical Whois records, they were transferred to World Biz and put under privacy protection.

There’s no specific claim in ICANN’s notice that any domain hijacking has taken place, but it’s easy to infer that the original registrant was for some reason not happy that the domains changed hands and therefore complained to ICANN.

Some of the domains in question have since been transferred to other registrars and may have been returned to the original registrant.

If ICANN’s track record of demanding records is any guide, this will not help World Biz come into compliance.

Should it be terminated, it looks like very few registrants will be affected.

While World Biz at one point had over 5,000 gTLD domains under management, it’s been shrinking consistently for the best part of a decade and in May had just 74 DUM.

September last year, when the domains in question moved to World Biz, was the company’s most-successful month in terms of inbound transfers — 17 domains — since I started tracking this kind of data nine years ago.

Whois killer deadline has passed. Did most registrars miss it?

Kevin Murphy, August 28, 2019, Domain Registrars

The deadline for registrars to implement the new Whois-killer RDAP protocol passed yesterday, but it’s possible most registrars did not hit the target.

ICANN told registrars in February (pdf) that they had six months to start making RDAP (Registration Data Access Protocol) services available.

RDAP is the replacement for the age-old Whois protocol, and provides virtually the same experience for the end user, enabling them to query domain ownership records.

It’s a bit more structured and flexible, however, enabling future services such as tiered, authenticated access.

Despite the August 26 deadline coming and going, ICANN records suggest that as many as three quarter of accredited registrars have not yet implemented RDAP.

The IANA department started publishing the base URLs for registrar RDAP servers recent.

According to this list, there are 2,454 currently accredited registrars, of which only 615 (about 25%) have an RDAP server.

But I’m not convinced this number is particularly useful.

First, just because a registrar’s RDAP server is not listed, does not mean it does not have one.

For example, the two largest registrars, Tucows and GoDaddy, do not have servers on the list, but both are known to have been working on RDAP services for a long time through public pilots or live services. Similarly, some CentralNic registrars have servers listed while others do not.

Second, of the 1,839 accreditations without servers, at least 1,200 are DropCatch.com shells, which tips the scales towards non-compliance considerably.

Still, it seems likely that some registrars did in fact miss their deadline. How stringently ICANN chooses to enforce this remains to be seen.

ICANN itself replaced its “Whois” service with a “Lookup” service last month.

According to Michele Neylon of the registrar Blacknight, contracted parties can also discover RDAP URLs via ICANN’s closed RADAR registrar information portal.

RDAP and Whois will run concurrently for a while before Whois takes its final bow and disappears forever.

Porn-block retail prices revealed. Wow.

Kevin Murphy, August 20, 2019, Domain Registrars

The first retail prices for MMX’s porn-blocking AdultBlock services have been revealed, and they ain’t cheap.

The registrar 101domain yesterday announced that it has started offering AdultBlock and sister service AdultBlock+, and published its pricing.

Trademark owners wanting to block a single string across .sex, .porn, .adult and .xxx will pay $349 per year with the vanilla, renew-annually service.

If they want the AdultBlock+ service, which also blocks homographs, they’ll pay $799 a year or $7,495 for the maximum 10-year term.

Compare this to the Sunrise B offer that ICM Registry made to trademark owners in 2011, where a string in .xxx cost roughly $200 to $300 for a 10-year block.

The two services are not directly comparable, of course. AdultBlock covers three additional TLDs and the AdultBlock+ service covers confusingly similar variants.

But trademark owners are buying peace of mind that their brands won’t be registered as porn sites, and the cost of that peace of mind just increased tenfold.

AdultBlock domains don’t resolve, and are a lot cheaper than domain registrations.

Renewing a single string in all four gTLDs at 101domain prices would cost around $480 a year, so customers will pay about 27% less buying a block instead.

The cost of the first year for those four domains would be $360, just $11 more than the AdultBlock price, according to 101domain’s price list.

MMX, which acquired the gTLD portfolio from ICM last year, is offering a discount on the AdultBlock+ service for customers buying before the end of 2019.

101domain is offering 10 years of AdultBlock+ for $3,999, a saving of $3,500.

101domain is not known as a particularly expensive registrar, so prices elsewhere in the industry could go higher.

Three-letter .com owned by hospital “hijacked”

Kevin Murphy, August 20, 2019, Domain Registrars

A California hospital has seen its three-letter .com domain reportedly hijacked and transferred to a registrar in China.

Sonoma Valley Hospital, a 75-bed facility north of San Francisco, was using svh.com as its primary domain until earlier this month, when it abruptly stopped working.

The Sonoma Index-Tribune reports that the domain was “maliciously acquired”, according to a hospital spokesperson.

It does not seem to be a case of a lapsed registration.

Historical Whois records archived by DomainTools show that svh.com, which had been registered with Network Solutions, had over a year left on its registration when it was transferred to BizCN in early August.

BizCN is based in China and has around 711,000 gTLD domains under management, having shrunk by about 300,000 names over the 12 months to April.

The Sonoma newspaper speculates that the domain may have been hijacked via a phishing attack. It’s not clear whether the hospital or NetSol, part of the Web.com group, was the target.

Three-letter .com names are highly prized, usually selling for tens of thousands of dollars.

Domain investors should obviously steer clear of svh.com, which will is probably already up for sale.

Not only is there a possibility of attracting unwelcome legal attention, but there’s also the moral implications of paying somebody who would steal from a hospital.

The hospital in question has now changed its name to sonomavalleyhospital.org. This transition, which includes migrating the email addresses of all of its staff, seems to have taken several days.

Anyone sending personal medical information to the old svh.com email addresses may find that information in the wrong hands.

Epik will sponsor 8chan’s domain, but will not host its site

Kevin Murphy, August 7, 2019, Domain Registrars

Controversial free-speech registrar Epik has said it will take 8chan’s domain name business, but will not provide content delivery services for the site.

In a post entitled “Epik draws line on Acceptable Use”, CEO Rob Monster wrote:

Upon careful consideration of the recent operating history of 8Chan, and in the wake of tragic news in El Paso and Dayton over the weekend, Epik has elected to not provide content delivery services to 8Chan. This is largely due to the concern of inadequate enforcement and the elevated possibility of violent radicalization on the platform.

He wrote that a “principal” of 8chan approached the company about transferring its domain to Epik on Monday.

The domain was in fact transferred, as DI reported shortly after it happened. Monster told DI that he had not actively solicited the site’s business.

While there’s no evidence its previous registrar, Tucows, had any intention of suspending the domain, its denial-of-service protection provider, CloudFlare, has publicly ditched 8chan and accused it of being responsible for the hate that lead to the El Paso shooting on Saturday.

8chan is a wild-west message board largely frequented by people with far-right views on race. It came in for extra scrutiny when it was reported that the El Paso terrorist posted a racist, anti-immigrant manifesto to the site shortly before the attack.

The site’s current owner, Jim Watkins, posted a surreal video to Twitter yesterday claiming, among other things, that the manifesto had in fact been posted by a third party.

Monster wrote that Epik was “reticent” about allowing 8chan to use its BitMitigate service to replace CloudFlare.

Its decision was moot anyway, as during the course of Monday speculation that 8chan would move to BitMitigate caused Epik’s service provider, Voxility, to sever ties with the company.

This caused BitMitigate to “temporarily” stop working for all of its customers, though regular domain registrants were not affected, Epik said.

Monster wrote that Epik will continue to provide services to all customers that publish legal content, but that it reserves the right to deny service in cases where the site’s owner has shown itself incapable of properly moderating user-generated content.

At time of writing, 8ch.net is not resolving at all for me.