Latest news of the domain name industry

AlpNames died months ago. Why is it still the “most-abused” registrar?

Kevin Murphy, December 6, 2019, Domain Registrars

Despite going out of business, being terminated by ICANN, and losing all its domains several months ago, defunct AlpNames is still being listed as the world’s most-abused registrar by a leading spam-fighting organization.

SpamHaus currently ranks the Gibraltar-based company as #1 on its list of “The 10 Most Abused Domain Registrars”, saying 98.7% of its domains are being used to send spam.

But AlpNames customers and regular DI readers will recall that AlpNames mysteriously went titsup in March, then got terminated by ICANN, then had its entire customer base migrated over to CentralNic in April.

So what’s this about?

I asked SpamHaus earlier this week, and it turns out that Whois query throttling is to blame.

It seems SpamHaus only pings Whois to update the registrar associated with a specific domain when the domain expires, or the name servers change, or where it’s a new registration with an unknown registrar.

I gather that when CentralNic took over AlpNames’ customer base, it did so with all the original name server information intact.

So, SpamHaus’ database still associates the domains with AlpNames even though it’s been out of business for the better part of a year.
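
The refresh rule described above, modeled as an added example (not SpamHaus code or code from this article): the registrar is re-queried only for an unknown domain, an expired one, or a name-server change, so a bulk transfer that keeps name servers intact leaves the old attribution in place. The domain, registrar names, dates, `fake_whois` helper and the `max_age_days` safeguard are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass
class Entry:
    registrar: str
    nameservers: frozenset
    expiry: date
    checked: date   # day of the last Whois query for this domain

def needs_refresh(entry, nameservers, today, max_age_days=None):
    """Refresh triggers from the article; max_age_days is an added safeguard."""
    if entry is None:                       # new registration, registrar unknown
        return True
    if today >= entry.expiry:               # domain expired
        return True
    if nameservers != entry.nameservers:    # name servers changed
        return True
    if max_age_days is not None:            # assumption: bounded staleness
        return today - entry.checked >= timedelta(days=max_age_days)
    return False

def attribute(cache, domain, nameservers, today, whois, max_age_days=None):
    """Return the registrar credited for a domain, querying Whois only when needed."""
    if needs_refresh(cache.get(domain), nameservers, today, max_age_days):
        registrar, expiry = whois(domain, today)
        cache[domain] = Entry(registrar, nameservers, expiry, today)
    return cache[domain].registrar

# Constructed scenario: a bulk transfer on TRANSFER_DAY keeps name servers intact.
TRANSFER_DAY = date(2019, 4, 1)
NS = frozenset({"ns1.example.net", "ns2.example.net"})

def fake_whois(domain, today):
    """Stand-in for a real, throttled Whois query (constructed data)."""
    registrar = "Registrar A" if today < TRANSFER_DAY else "Registrar B"
    return registrar, date(2020, 3, 1)

def simulate(max_age_days=None):
    """Observe the same domain shortly before and months after the transfer."""
    cache = {}
    before = attribute(cache, "spam.example", NS, date(2019, 3, 10),
                       fake_whois, max_age_days)
    after = attribute(cache, "spam.example", NS, date(2019, 12, 1),
                      fake_whois, max_age_days)
    return before, after

if __name__ == "__main__":
    print(simulate())     # article's rule only: attribution never updates
    print(simulate(90))   # with a 90-day maximum age: attribution follows the transfer
```

A maximum-age trigger costs extra Whois queries, so under throttling it trades query budget for fresher attribution.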

A SpamHaus spokesperson said:

This is a very unusual situation, as a huge majority of the domains that contribute to the Top 10 list in question are created, abused, and burnt quickly; meaning a change of registrar is exceptionally rare. However, in the case of these particular domains registered with AlpNames we can only assume that the sheer volume of unused domains was too high for the owner to use in one single hit.

The actual number of “AlpNames” domains rated as spammy by SpamHaus is pretty low — 1,976 of the 2,002 domains it saw were rated as “bad”.

GMO, at #4 on the list, had over 40,000 “bad” domains, but a lower percentage given the larger number of total domains seen.

Web.com got pwned

Kevin Murphy, November 4, 2019, Domain Registrars

Web.com, which owns top 20 registrars Network Solutions and Register.com, got itself and millions of its customers hacked a few months ago.

The company disclosed last week that malicious hackers broke into its network in late August, making off with customer account information.

The attack was not discovered until October 16.

The compromised data included “name, address, phone numbers, email address and information about the services that we offer to a given account holder”, Web.com said.

“We encrypt credit card numbers and no credit card data was compromised as a result of this incident,” it added.

Customers are being told to change their password next time they log in to their services.

It’s not clear how many registrants were affected. The NetSol accreditation has over seven million domains in the gTLDs alone, while Register.com has almost 1.8 million.

Web.com said it brought on a private security firm to investigate the attack, and informed US law enforcement.

After killing the cows, what does the new Tucows logo remind you of?

Kevin Murphy, October 7, 2019, Domain Registrars

Tucows has launched a refreshed corporate web site that features a new cow-free logo.

Judging by a video posted on the Tucows.com home page over the weekend, the redesign is largely intended to make the company more appealing to prospective employees, many of whom were confused about what exactly Tucows does.

It is of course the second-largest domain registrar by volume, via its Enom, OpenSRS, EPAG and Hover brands, as well as a virtual mobile phone operator in North America under the brand Ting.

There was a time when the site was a cluttered storefront, but all the customer-facing stuff has long since been devolved to the company’s various branded web sites.

Here are the two logos side by side.

[Images: old Tucows logo, new Tucows logo]

You’ll notice the cows no longer feature. In much the same way as GoDaddy killed off its cartoon “daddy” character last year, Tucows appears to be maturing out of its quirkier roots into a more professional-looking outfit.

But what does the new logo remind you of? I was immediately put in mind of the Warner Music logo, which is basically a flipped version of the Tucows’ stylized W. They even have a similar color scheme.

It’s sufficiently different to avoid confusion, of course, but the similarities are very striking, I thought.

Registrar suspended over dodgy transfers

Kevin Murphy, October 1, 2019, Domain Registrars

ICANN has suspended a Los Angeles-based registrar after failing to get answers to its questions about a bunch of domain transfers.

World Biz Domains won’t be able to sell any gTLD domains, or accept transfers, from October 16 until January 13 next year. It will also have to post ICANN’s suspension notice on its home page.

Its crime? Failing to provide ICANN with records proving that the change of registrant requests for 15 potentially valuable domain names were legitimate.

ICANN has been badgering World Biz for these records since April, but says it was given the runaround.

The domains in question — 28.net, 68.net, 88.org, changi.com, tay.net, goh.net, koh.net, kuantan.com, yeong.com, merlion.org, og.net, raffles.net, sentosa.org, sg.org and shenton.com — all appear to have been registered to a Singaporean investor using the registrar DomainDiscover until about a year ago.

The non-numeric names all have significance to Singapore or neighboring Malaysia one way or the other. Some of them are arguably UDRP fodder.

Shenton is a busy street and hotel in the city, Merlion is Singapore’s lion mascot, Sentosa is a Singaporean island, and Raffles is of course the name of the famous hotel. Other domains on the list are common Chinese surnames used by Singaporeans.

It appears that about a year ago, according to DomainTools’ historical Whois records, they were transferred to World Biz and put under privacy protection.

There’s no specific claim in ICANN’s notice that any domain hijacking has taken place, but it’s easy to infer that the original registrant was for some reason not happy that the domains changed hands and therefore complained to ICANN.

Some of the domains in question have since been transferred to other registrars and may have been returned to the original registrant.

If ICANN’s track record of demanding records is any guide, this will not help World Biz come into compliance.

Should it be terminated, it looks like very few registrants will be affected.

While World Biz at one point had over 5,000 gTLD domains under management, it’s been shrinking consistently for the best part of a decade and in May had just 74 DUM.

September last year, when the domains in question moved to World Biz, was the company’s most-successful month in terms of inbound transfers — 17 domains — since I started tracking this kind of data nine years ago.

Whois killer deadline has passed. Did most registrars miss it?

Kevin Murphy, August 28, 2019, Domain Registrars

The deadline for registrars to implement the new Whois-killer RDAP protocol passed yesterday, but it’s possible most registrars did not hit the target.

ICANN told registrars in February (pdf) that they had six months to start making RDAP (Registration Data Access Protocol) services available.

RDAP is the replacement for the age-old Whois protocol, and provides virtually the same experience for the end user, enabling them to query domain ownership records.

It’s a bit more structured and flexible, however, enabling future services such as tiered, authenticated access.

Despite the August 26 deadline coming and going, ICANN records suggest that as many as three quarters of accredited registrars have not yet implemented RDAP.

The IANA department started publishing the base URLs for registrar RDAP servers recently.

According to this list, there are 2,454 currently accredited registrars, of which only 615 (about 25%) have an RDAP server.

But I’m not convinced this number is particularly useful.

First, just because a registrar’s RDAP server is not listed, does not mean it does not have one.

For example, the two largest registrars, Tucows and GoDaddy, do not have servers on the list, but both are known to have been working on RDAP services for a long time through public pilots or live services. Similarly, some CentralNic registrars have servers listed while others do not.

Second, of the 1,839 accreditations without servers, at least 1,200 are DropCatch.com shells, which tips the scales towards non-compliance considerably.

Still, it seems likely that some registrars did in fact miss their deadline. How stringently ICANN chooses to enforce this remains to be seen.

ICANN itself replaced its “Whois” service with a “Lookup” service last month.

According to Michele Neylon of the registrar Blacknight, contracted parties can also discover RDAP URLs via ICANN’s closed RADAR registrar information portal.

RDAP and Whois will run concurrently for a while before Whois takes its final bow and disappears forever.
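
As an added illustration of the structure RDAP brings over free-text Whois (not code from the article or from any registrar), this reads the registrar of record, name servers and expiry out of an RDAP domain response. The sample response is constructed in the RFC 9083 layout, and its names and IDs are made up.

```python
# Constructed RDAP domain response (RFC 9083 layout); every value is made up.
SAMPLE = {
    "objectClassName": "domain",
    "ldhName": "EXAMPLE.TEST",
    "nameservers": [{"objectClassName": "nameserver", "ldhName": "NS2.EXAMPLE.NET"},
                    {"objectClassName": "nameserver", "ldhName": "ns1.example.net"}],
    "events": [{"eventAction": "registration", "eventDate": "2003-01-15T00:00:00Z"},
               {"eventAction": "expiration", "eventDate": "2020-01-15T00:00:00Z"}],
    "entities": [
        {"objectClassName": "entity", "roles": ["registrant"], "handle": "REDACTED"},
        {"objectClassName": "entity", "roles": ["registrar"], "handle": "9999",
         "publicIds": [{"type": "IANA Registrar ID", "identifier": "9999"}],
         "vcardArray": ["vcard", [["version", {}, "text", "4.0"],
                                  ["fn", {}, "text", "Example Registrar, Inc."]]]},
    ],
}

def vcard_fn(entity):
    """Return the 'fn' (formatted name) property from an entity's jCard, if any."""
    card = entity.get("vcardArray", [])
    props = card[1] if len(card) > 1 else []
    for prop in props:
        if len(prop) >= 4 and prop[0] == "fn":
            return prop[3]
    return None

def registrar_of_record(rdap):
    """Find the entity with the 'registrar' role and its IANA Registrar ID."""
    for entity in rdap.get("entities", []):
        if "registrar" in entity.get("roles", []):
            iana_id = next((p.get("identifier") for p in entity.get("publicIds", [])
                            if p.get("type") == "IANA Registrar ID"), None)
            return {"name": vcard_fn(entity), "iana_id": iana_id}
    return None   # response carried no registrar entity

def summarize(rdap):
    """Collect the fields a registrar-attribution pipeline would key on."""
    events = {e.get("eventAction"): e.get("eventDate") for e in rdap.get("events", [])}
    return {
        "domain": rdap.get("ldhName", "").lower(),
        "registrar": registrar_of_record(rdap),
        "nameservers": sorted(ns["ldhName"].lower()
                              for ns in rdap.get("nameservers", []) if "ldhName" in ns),
        "expiration": events.get("expiration"),
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```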

Porn-block retail prices revealed. Wow.

Kevin Murphy, August 20, 2019, Domain Registrars

The first retail prices for MMX’s porn-blocking AdultBlock services have been revealed, and they ain’t cheap.

The registrar 101domain yesterday announced that it has started offering AdultBlock and sister service AdultBlock+, and published its pricing.

Trademark owners wanting to block a single string across .sex, .porn, .adult and .xxx will pay $349 per year with the vanilla, renew-annually service.

If they want the AdultBlock+ service, which also blocks homographs, they’ll pay $799 a year or $7,495 for the maximum 10-year term.

Compare this to the Sunrise B offer that ICM Registry made to trademark owners in 2011, where a string in .xxx cost roughly $200 to $300 for a 10-year block.

The two services are not directly comparable, of course. AdultBlock covers three additional TLDs and the AdultBlock+ service covers confusingly similar variants.

But trademark owners are buying peace of mind that their brands won’t be registered as porn sites, and the cost of that peace of mind just increased tenfold.

AdultBlock domains don’t resolve, and are a lot cheaper than domain registrations.

Renewing a single string in all four gTLDs at 101domain prices would cost around $480 a year, so customers will pay about 27% less buying a block instead.

The cost of the first year for those four domains would be $360, just $11 more than the AdultBlock price, according to 101domain’s price list.

MMX, which acquired the gTLD portfolio from ICM last year, is offering a discount on the AdultBlock+ service for customers buying before the end of 2019.

101domain is offering 10 years of AdultBlock+ for $3,999, a saving of $3,500.

101domain is not known as a particularly expensive registrar, so prices elsewhere in the industry could go higher.

Three-letter .com owned by hospital “hijacked”

Kevin Murphy, August 20, 2019, Domain Registrars

A California hospital has seen its three-letter .com domain reportedly hijacked and transferred to a registrar in China.

Sonoma Valley Hospital, a 75-bed facility north of San Francisco, was using svh.com as its primary domain until earlier this month, when it abruptly stopped working.

The Sonoma Index-Tribune reports that the domain was “maliciously acquired”, according to a hospital spokesperson.

It does not seem to be a case of a lapsed registration.

Historical Whois records archived by DomainTools show that svh.com, which had been registered with Network Solutions, had over a year left on its registration when it was transferred to BizCN in early August.

BizCN is based in China and has around 711,000 gTLD domains under management, having shrunk by about 300,000 names over the 12 months to April.

The Sonoma newspaper speculates that the domain may have been hijacked via a phishing attack. It’s not clear whether the hospital or NetSol, part of the Web.com group, was the target.

Three-letter .com names are highly prized, usually selling for tens of thousands of dollars.

Domain investors should obviously steer clear of svh.com, which is probably already up for sale.

Not only is there a possibility of attracting unwelcome legal attention, but there are also the moral implications of paying somebody who would steal from a hospital.

The hospital in question has now changed its name to sonomavalleyhospital.org. This transition, which includes migrating the email addresses of all of its staff, seems to have taken several days.

Anyone sending personal medical information to the old svh.com email addresses may find that information in the wrong hands.

Epik will sponsor 8chan’s domain, but will not host its site

Kevin Murphy, August 7, 2019, Domain Registrars

Controversial free-speech registrar Epik has said it will take 8chan’s domain name business, but will not provide content delivery services for the site.

In a post entitled “Epik draws line on Acceptable Use”, CEO Rob Monster wrote:

Upon careful consideration of the recent operating history of 8Chan, and in the wake of tragic news in El Paso and Dayton over the weekend, Epik has elected to not provide content delivery services to 8Chan. This is largely due to the concern of inadequate enforcement and the elevated possibility of violent radicalization on the platform.

He wrote that a “principal” of 8chan approached the company about transferring its domain to Epik on Monday.

The domain was in fact transferred, as DI reported shortly after it happened. Monster told DI that he had not actively solicited the site’s business.

While there’s no evidence its previous registrar, Tucows, had any intention of suspending the domain, its denial-of-service protection provider, CloudFlare, has publicly ditched 8chan and accused it of being responsible for the hate that led to the El Paso shooting on Saturday.

8chan is a wild-west message board largely frequented by people with far-right views on race. It came in for extra scrutiny when it was reported that the El Paso terrorist posted a racist, anti-immigrant manifesto to the site shortly before the attack.

The site’s current owner, Jim Watkins, posted a surreal video to Twitter yesterday claiming, among other things, that the manifesto had in fact been posted by a third party.

Monster wrote that Epik was “reticent” about allowing 8chan to use its BitMitigate service to replace CloudFlare.

Its decision was moot anyway, as during the course of Monday speculation that 8chan would move to BitMitigate caused Epik’s service provider, Voxility, to sever ties with the company.

This caused BitMitigate to “temporarily” stop working for all of its customers, though regular domain registrants were not affected, Epik said.

Monster wrote that Epik will continue to provide services to all customers that publish legal content, but that it reserves the right to deny service in cases where the site’s owner has shown itself incapable of properly moderating user-generated content.

At time of writing, 8ch.net is not resolving at all for me.

CentralNic to pay $3.4 million for iwantmyname

Kevin Murphy, August 7, 2019, Domain Registrars

CentralNic has made yet another registrar acquisition, picking up New Zealand-based Ideegeo Group for the equivalent of $3.4 million.

The company said it will pay NZD 5.2 million, of which 10% is being deferred until May 2021.

Ideegeo runs the registrar iwantmyname.com. It’s not ICANN-accredited in its own right, rather it’s a reseller of Hexonet, which CentralNic has also acquired.

With 180,000 names under management, Ideegeo accounted for a little under 5% of Hexonet’s business in terms of domain names.

Ideegeo had revenue last year of NZD 6.2 million ($4.2 million) and EBITDA of NZD 0.9 million ($600,000), CentralNic said.

CentralNic indicated that the acquisition has enabled it to lock in that revenue, preventing iwantmyname switching to a different reseller network.

But it’s not just the DUM CentralNic is interested in. It also said it wants its user-friendly interface, which it intends to roll out across its other retail registrar web sites.

There are also up-sell opportunities, as iwantmyname currently sells only domain names and none of the usually associated accoutrements.

It’s CentralNic’s fifth acquisition in the last 12 months.

It still has plenty of money left over from a recent €50 million ($56 million) bond issue, so don’t expect it to be the last.

After more racist shootings, take one guess which registrar 8chan just switched to

Kevin Murphy, August 5, 2019, Domain Registrars

Controversial web forum 8chan has moved its domain name to a new registrar after it was linked to at least one of the two mass shootings that occurred in the US over the weekend.

According to Whois records, it’s just jumped to racist-friendly Epik, having been registered at Tucows since 2003.

The switch appears to have happened in the last few hours. At time of writing, you’re going to get different results depending which Whois server you ping.

Some servers continue to report Tucows as the registrar of record, perhaps using cached data, but Epik’s result looks like this:

[Image: Whois output]

8chan is an image/discussion board that describes itself as “the Darkest Reaches of the Internet”. It’s reportedly heavily used by racists, extremists and those with an interest in child pornography.

It was widely linked by the media to the shooting in the border town of El Paso, Texas on Saturday, which claimed the lives of 20 people and left 26 more injured.

The suspect in the case reportedly posted to 8chan a 2,300-word racist “manifesto”, in which he ranted against Latino immigration, just 20 minutes before launching the attack.

This morning, Cloudflare announced that it would no longer provide denial-of-service attack protection for the web site, saying:

The rationale is simple: they have proven themselves to be lawless and that lawlessness has caused multiple tragic deaths. Even if 8chan may not have violated the letter of the law in refusing to moderate their hate-filled community, they have created an environment that revels in violating its spirit.

Google removed the site from its index a few years ago, due to allegations about child abuse material.

At this point, it’s not clear whether Tucows also ejected 8chan, or whether its owners decided to jump ship, perhaps sensing which way the wind is blowing.

Its new home, Epik, calls itself the “Swiss bank” of domain registrars, and has actively courted sites that enable far-right political views.

The registrar openly sought the business of Gab.com, the Twitter clone used largely by those who have been banned by Twitter, after GoDaddy suspended the site’s domain last November.

In March this year, Epik CEO Rob Monster came under fire for publicly doubting the veracity of the video of the mosque shootings in Christchurch, New Zealand, which killed 50 people.

8chan was also frequented by the perpetrator of that attack, among others.

Epik is described as “cornering the market on websites where hate speech is thriving”, according to the Southern Poverty Law Center, an anti-racist group.

Monster has said that he does not support the views of extremists, but merely wants to provide a platform where registrants can exercise their rights to free speech.