GoDaddy hack exposed a million customer passwords

Kevin Murphy, November 24, 2021, Domain Registrars

GoDaddy’s systems got hacked recently, exposing up to 1.2 million customer emails and passwords.

The attack started on September 6 and targeted Managed WordPress users, the company’s chief information security officer Demetrius Comes disclosed in a blog post and regulatory filing this week.

The compromised data included email addresses and customer numbers, the original WordPress admin password, the FTP and database user names and passwords, and some SSL private keys.

In cases where the compromised passwords were still in use, the company said it has reset those passwords and informed its customers. The breached SSL certs are being replaced.

GoDaddy discovered the hack November 17 and disclosed it November 22.

It sounds rather like the attack may have been a result of a phishing attack against a GoDaddy employee. The company said the attacker used a “compromised password” to infiltrate its WordPress provisioning system.

Comes wrote in his blog post:

We are sincerely sorry for this incident and the concern it causes for our customers. We, GoDaddy leadership and employees, take our responsibility to protect our customers’ data very seriously and never want to let them down. We will learn from this incident and are already taking steps to strengthen our provisioning system with additional layers of protection.

You may recall that GoDaddy came under fire last December for punking its employees with a fake email promising an end-of-year bonus, which turned out to be an “insensitive” component of an anti-phishing training program.

About 500 staff reportedly failed the test.

GoDaddy says it turned around Neustar, and .biz numbers seem to confirm that

Kevin Murphy, November 4, 2021, Domain Registrars

GoDaddy is pleased with how its new registry division is doing, with CEO Aman Bhutani claiming last night that it’s managed to turn around the fortunes of Neustar, which became part of GoDaddy Registry a year ago.

Reporting a strong third quarter of domains revenue growth, Bhutani highlighted the secondary market and the registry as drivers. In prepared remarks, he said:

On Registry, we are continuing to prove our ability to acquire, integrate, and accelerate. A great example is the cohort performance within GoDaddy Registry. When we acquired Neustar’s registry assets in Q3 last year, its new cohorts were shrinking, with new unit registrations down 4% year over year. We are now one year into the acquisition, and we’re pleased to report that within that first year, we have been able to accelerate new business significantly. We are now seeing new unit registrations increase nearly 20% year over year — all organically.

If you’re wondering what a “cohort” is, it appears to refer to GoDaddy’s way of slicing up its customers for analysis purposes, along with how much they spend and how profitable they are, into tranches according to the years in which they became customers.

So GoDaddy’s saying here that Neustar’s number of new customers was going down, and it was selling 4% fewer new domains, at the time of the acquisition last year, but that that trend has now been reversed, with new regs up 20%.

The numbers are not really possible to verify. Neustar’s main three TLDs for volume purposes were .us, .co and .biz, and of those only .biz is contractually obliged to publish its zone file and registry numbers.

But look at .biz!

[Image: .biz zone graph]

That’s .biz’s daily zone file numbers for the last two years, with the August 2020 acquisition highlighted by a subtle arrow. It’s only added about 50,000 net names since the deal, but it’s reversing an otherwise negative trend.

Monthly transaction reports show .biz had been on a general downward, if spiky, line since its early 2014 peak of 2.7 million names. It’s now at about 1.4 million.

When asked how the company achieved such a feat, Bhutani credited “execution” and left it at that. Perhaps this means something to financial analysts.

When asked by an analyst whether GoDaddy was giving its own TLDs preferential treatment, promoting its owned strings on the registrar in order to better compete with .com at the registry, Bhutani denied such frowned-upon behavior:

We don’t do that. All TLDs work on our registrar side in terms of their merit. It’s about value to the customer — whatever works best irrespective of whether we own the registry side or not. That’s what we’ll sell in front of the customer.

The company reported domains revenue up 17% at $453.2 million for the third quarter, with overall revenue up 14% at $964 million compared to year-ago numbers. Net income was up to $97.7 million from $65.1 million a year ago.

GoDaddy expects domains revenue to grow in the low double digits percent-wise in the current quarter.

Donuts shuts down 14 registrars, but it’s “not related to DropZone”

Kevin Murphy, October 20, 2021, Domain Registrars

Donuts has let 14 of its shell registrar accreditations expire, but told DI it’s not related to its recently approved drop-catching service, DropZone.

ICANN records show that the companies, with names such as Name118 Inc and Name104 Inc, all basically mini-clones of Name.com, recently had their registrar contracts terminated.

This kind of thing happens fairly regularly with companies resizing the networks they use for catching dropping domains. Donuts still has at least half a dozen active accreditations, records show.

But the move comes just weeks after ICANN approved a controversial new Donuts service called DropZone, which would see dropping domains across Donuts’ portfolio of 250+ gTLDs being handled by a dedicated parallel registry.

DropZone would reduce the need for owning vast numbers of shell accreditations in order to effectively drop-catch, but has faced criticism from rival DropCatch over a) the possibility that Donuts may charge registrars for access and b) claims that Donuts-owned registrars would have an advantage.

But Donuts says the two things are unrelated. Name.com senior product marketing manager Ethan Conley said in an email:

We did recently let 14 ICANN registrar accreditations expire. These accreditations had become an administrative headache and a point of confusion for customers. This decision was not related to DropZone, and the domain drop business has not been a core focus of Name.com for quite some time.

It’s worth noting that cancelling registrar accreditations would also have an effect on the ability to catch names in other, unaffiliated gTLDs, including .com.

Most registrars did NOT “fail” abuse audit, ICANN says

Kevin Murphy, October 15, 2021, Domain Registrars

Most registrars did not “fail” a recent abuse audit, despite what I wrote in my original coverage, according to ICANN.

“Referring to a certain blog, none of the registrars failed the audit,” ICANN senior audit manager Yan Agranonik said during a session of ICANN 72’s Prep Week last night.

He’s talking about ME! He’s talking about ME!

“Failure would mean that there’s an irreparable finding of deficiency that can not be corrected timely or it just goes against the registrar’s business model,” Agranonik said.

An accompanying presentation reads:

None of the registrars “failed” the audit. “Failure” means that the auditee did not acknowledge/remediate identified violations of the RAA or their business practices are not compatible with RAA.

At the risk of prolonging a tedious semantic debate, what I reported in August, when the results of the audit were announced, was: “The large majority of accredited registrars failed an abuse-related audit at the first pass, according to ICANN.”

A bunch of registrar employees, and now apparently ICANN’s own head auditor, disagreed with my characterization.

ICANN had issued a press release stating that of 126 audited registrars, it had identified 111 “that were not fully compliant with the RAA’s requirements related to the receiving and handling of DNS abuse reports.”

To me, if ICANN checks whether you’re doing a thing you should be doing and you’re not doing the thing, that’s a fail.

But to ICANN, if ICANN checks whether you’re doing a thing you should be doing and you’re not doing the thing, and it tells you you’re not doing the thing you should be doing, so you start doing the thing, that’s not a fail.

I think reasonable people could disagree on the definitions here.

But I did write that the registrars “failed… according to ICANN”, and that appears to be inaccurate, so I’m happy to correct the record today.

Alice’s Registry disappears down the rabbit hole

Kevin Murphy, October 13, 2021, Domain Registrars

One of the oldest domain registrars appears to be on its way out.

San Francisco-based Alice’s Registry has been hit with a breach notice and termination warning by ICANN after apparently being incommunicado for over a year.

According to ICANN, they last spoke in August 2020, when AR indicated that it was thinking about “shutting down the registrar business”.

Since then, the web site has stopped working and ICANN can’t get through on the telephone.

The breach notice claims past-due fees and a failure to operate a working Whois service, and gives the registrar until November 1 to pay up or get its contract terminated.

Alice’s Registry is one of the oldest registrars, founded in 1999, but it’s never had more than a few thousand names under management. Its founder, Rick Wesson, has been involved in the ICANN community since pretty much the beginning.

Almost no security researchers asking for Whois records – Tucows

Kevin Murphy, September 29, 2021, Domain Registrars

Security researchers are not asking for private Whois records in anywhere near the numbers you might have been led to believe, according to data released this week by Tucows.

The registrar revealed that it received just one request from the security community between September 2020 and the end of August 2021. That’s not even 1% of the total.

Over the same period, the “commercial litigators” category, presumably including intellectual property interests going after suspected cybersquatters, was behind 87% of requests.

About 9% of requests came from law enforcement agencies, Tucows said.

The company said that it disclosed private registrant data in 74% of cases. It denied the requests in 9% of cases. Other requests were incomplete or abandoned.

Tucows has been offering a Tiered Access service for its Whois records since the General Data Protection Regulation came into effect in May 2018. It has received 4,478 requests since then.

Cloudflare goes all-in with at-cost domains

Kevin Murphy, September 28, 2021, Domain Registrars

Content delivery specialist Cloudflare has come out as a fully-fledged domain name registrar, promising to sell names in hundreds of TLDs with no markup on the registry wholesale price.

Since the company launched Cloudflare Registrar three years ago, it’s only been possible for customers to transfer in their domains from other registrars; no new regs were possible.

That’s now changed, with the company today announcing customers can buy their domains direct without having to faff about with transfers.

“It’s important to note that our registrar pricing is ‘at-cost.’ That means we charge our customers exactly what we pay the registry, plus any applicable ICANN transaction fees,” the company blogged.

A new .com costs $8.57, for example.

It appears that you need to be a Cloudflare CDN customer to use the registrar service, but it offers a free plan among its suite of offerings.

It’s not the only registrar to offer names at cost, but it’s certainly the one with the best brand recognition.

Cloudflare currently offers over 250 TLDs, and plans to launch 40 more next month. It just added .uk, and plans to add more ccTLDs, as well as premium-priced domains, in future.

The company had about 325,000 domains under management at the last count in May, having transferred a net of 118,000 names during the previous 12 months.

Make no mistake, Cloudflare will be losing money on this venture, despite what it said in September 2018, when it made out running a registrar was cost-free.

Could registrars get sued under new Texas abortion law?

Kevin Murphy, September 8, 2021, Domain Registrars

Does the controversial new Texas state legislation effectively banning most abortions pose legal risks for domain name registries and registrars?

The so-called Texas Heartbeat Act, or SB 8, came into effect at the start of the month. It bans abortions in Texas when doctors can detect a heartbeat in the fetus, which is usually about six weeks after conception, when most women don’t know they’re pregnant.

In an apparent attempt to circumvent the US Supreme Court’s oversight, the enforcement of the law is left to civil actions — the cops won’t come to get you, but any US citizen will be allowed to file civil suits with a guaranteed payout of at least $10,000 if they win and no risk of paying court costs if they lose.

The ban extends not only to doctors who perform the procedure, but also those who “aid and abet”.

This part of the law has been written in such a way that it’s been broadly interpreted as even opening up taxi drivers who transport patients to abortion clinics to possible liability.

Taxi service giants Uber and Lyft have both already announced they will cover the costs of any legal representation their contractors need.

So if taxi drivers can get sued, why not also registrars and hosting companies? Clinics, counselling services and the like all need web sites, and web sites need domains.

It might be a stretch, and the law is worded in such a way that could give registrars a defense, saying liability is restricted to those who “knowingly engages in conduct that aids or abets the performance or inducement of an abortion”.

“Knowingly” is a key word. Taxi drivers dropping off a woman at a clinic know where they are driving. Registrars and hosting companies typically don’t know what is being hosted on their servers.

But what if they are told about pro-abortion content on their services, accompanied by a threat of litigation?

It seems that so far the registrar industry, even one company headed by a right-wing religious individual, is effectively, if not vocally, on the pro-choice side of the debate.

A “whistleblower” web site, run by Texas Right to Life at prolifewhistleblower.com, that was inviting users to essentially “doxx” abortion providers has been kicked off GoDaddy for violating its privacy rules, and even right-leaning Epik has asked the registrant to leave on similar grounds.

DropCatch raises antitrust concerns about Donuts’ Dropzone proposal

Kevin Murphy, September 8, 2021, Domain Registrars

TurnCommerce, the company behind DropCatch.com and hundreds of accredited domain name registrars, reckons Donuts’ proposed Dropzone service would be anticompetitive.

Company co-founder Jeff Reberry has written to ICANN to complain that Dropzone would introduce new fees to the dropping domains market, raising the costs involved in the aftermarket.

He also writes that Name.com, a Donuts-owned registrar that DropCatch competes with in the drop market, would have an “unfair competitive advantage” if Dropzone is allowed to go ahead:

Donuts is effectively asking every entity in the ICANN ecosystem to bear the costs of introducing a new service with no benefit outside of a financial benefit to itself, while forcing all registrars to spend more money and resources to register available domain names.

Donuts is proposing Dropzone across its whole portfolio of 200+ gTLDs. It’s a parallel registry infrastructure that would exist just to handle dropping domains in a more orderly fashion.

Today, companies such as TurnCommerce own huge collections of shell registrars that are used to ping registries with EPP Create commands around the time valuable domains are going to delete.

Under Dropzone, they’d instead submit create requests with the Dropzone service, and Donuts would give out the rights to register the domains in question on a first-come, first-served basis.

While ICANN had approved a similar request from Afilias before it was acquired by Donuts, the Dropzone proposed by Donuts has one major difference — it proposes a new fee for accessing the system.

No details about this fee have been revealed, which has TurnCommerce nervous.

Donuts is asking for Dropzone via the Registry Services Evaluation Process and ICANN has not yet approved it.

Reberry says ICANN should consult with the relevant governmental competition authorities before it approves the proposal.

You can read Reberry’s letter here (pdf) and our original article about Dropzone here.

NameSilo says it’s growing too fast to be acquired

Kevin Murphy, August 31, 2021, Domain Registrars

NameSilo Technologies has called off talks to sell its registrar, also called NameSilo, saying the company is growing too fast to exit right now.

The Canadian company grew its domains under management by 578,000 between April 2020 and April this year, when it stood at 3.9 million domains. It says it has since crossed 4.3 million.

The prospective deal, with Dutch acquisition vehicle WGH Holdings, was announced last December.

But NameSilo’s CEO Paul Andreola said in a press release:

We believe that the value of Namesilo has grown significantly since the discussions with the prospective buyer began and feel that there is more value to be unlocked over the near to medium term for shareholders.

At the same time, the company reported revenue of $8.4 million for the second quarter, up $900,000 on the same period last year, with adjusted EBITDA of $435,344.

Bookings were up to $9.9 million from $7.6 million.

It was the company’s debt that first spurred acquisition talks. NameSilo says that debt has been reduced from $4.7 million to $3.85 million since March.