Latest news of the domain name industry

Recent Posts

GoDaddy domains business grows 15% in Q2

Kevin Murphy, August 10, 2017, Domain Registrars

GoDaddy saw its revenue from domain name sales increase by almost 15% in the second quarter, the company announced this week.

Its domains revenue was $263.3 million, up 14.6% on the same quarter last year.

That was part of an overall growth trend at the company, which saw revenue for the quarter up 22.3% at $557.8 million.

Revenue growth would have been a point higher but for currency fluctuations. GoDaddy now does about a third of its business outside its native US, helped a deal by its acquisition of Host Europe Group, which closed at the start of the quarter.

Net income for the period was $18.1 million, reversing a loss of $11.1 million a year ago.

Domains account for about 47% of overall revenue at the company.

GoDaddy said it had 17 million customers at the end of the quarter, June 30, adding about a million organically compared to a year earlier and 1.6 million from the HEG acquisition.

At the end of the quarter, the company had $591.2 million in cash and equivalents and debt of $3 billion.

GoDaddy flips hosting business for $456 million

GoDaddy has sold off its recently acquired PlusServer business for €397 million ($456 million).

The buyer is a private equity firm, BC Partners.

The registrar had taken control of the business when it spent $1.79 billion on Host Europe Group earlier this year, but had said from the start that the asset was for sale.

PlusServer sells hosting to larger companies, which have more demanding support needs that small-business-focused GoDaddy is accustomed to dealing with.

The unit was bringing in annual revenue approaching $100 million per year.

GoDaddy said it planned to put the proceeds of the flip towards paying off some loans.

Over 750 domains hijacked in attack on Gandi

Gandi saw 751 domains belonging to its customers hijacked and redirected to malware delivery sites, the French registrar reported earlier this month.

The attack saw the perpetrators obtain Gandi’s password for a gateway provider, which it did not name, that acts as an intermediary to 34 ccTLD registries including .ch, .se and .es.

The registrar suspects that the password was obtained by the attacker exploiting the fact that the gateway provider does not enforce HTTPS on its login pages.

During the incident, the name servers for up up to 751 domains were altered such that they directed visitors to sites designed to compromise unpatched computers.

The redirects started at 0804 UTC July 7, and while Gandi’s geeks had reversed the changes by 1615 it was several more hours before the changes propagated throughout the DNS for all affected domains.

About the theft of its password, Gandi wrote:

These credentials were likewise not obtained by a breach of our systems and we strongly suspect they were obtained from an insecure connection to our technical partner’s web portal (the web platform in question allows access via http).

It’s not clear why a phishing attack, which would seem the more obvious way to obtain a password, was ruled out.

Gandi posted a detailed timeline here, while Swiss registry Switch also posted an incident report from its perspective here. An effected customer, which just happened to be a security researcher, posted his account here.

Gandi says it manages over 2.1 million domains across 730 TLDs.

ICANN expects to lose 750 registrars in the next year

ICANN is predicting that about 750 accredited registrars will close over the next 12 months due to the over-saturation of the drop-catching market.

ICANN VP Cyrus Namazi made the estimate while explaining ICANN’s fiscal 2018 budget, which is where the projection originated, at the organization’s public meeting in South Africa last week.

He said that ICANN ended its fiscal 2017 last week with 2,989 accredited registrars, but that ICANN expects to lose about 250 per quarter starting from October until this time next year.

These almost 3,000 registrars belong to about 400 registrar families, he said.

By my estimate, roughly two thirds of the registrars are shell accreditations under the ownership of just three companies — Web.com (Namejet and SnapNames), Pheenix, and TurnCommerce (DropCatch.com).

These companies lay out millions of dollars on accreditation fees in order to game ICANN rules and get more connections to registries — mainly Verisign’s .com.

More connections gives them a greater chance of quickly registering potentially valuable domains milliseconds after they are deleted. Drop-catching, in other words.

But Namazi indicated that ICANN’s cautious “best estimate” is that there’s not enough good stuff dropping to justify the number of accreditations these three companies own.

“With the model we have, I believe at the moment the total available market for these sought-after domains that these multifamily registrars are after is not able to withstand the thousands of accreditations that are there,” he said. “Each accreditation costs quite a bit of money.”

Having a registrar accreditation costs $4,000 a year, not including ICANN’s variable and transaction fees.

“We think the market has probably gone beyond what the available market is,” he said.

He cautioned that the situation was “fluid” and that ICANN was keeping an eye on it because these accreditations fees have become material to its budget in the last few years.

If the three drop-catchers do start dumping registrars, it would reveal an extremely short shelf life for their accreditations.

Pheenix upped its registrar count by 300 and DropCatch added 500 to its already huge stable as recently as December 2016.

GoDaddy launches security service after Sucuri acquisition

GoDaddy has revealed the first fruits of its March acquisition of web security service provider Sucuri.

It’s GoDaddy Website Security, what appears to be a budget version of the services Sucuri already offers on a standalone basis.

For $6.99 per month ($83.88/year), the service monitors your web site for malware and removes it upon request. It also keeps tabs on major blacklists to make sure you’re not being blocked by Google, Norton or McAfee.

This low-end offering gets you a 12-hour response time for the cleanup component. You can up that to 30 minutes by taking out the $299.99 per year plan.

The more expensive plan also includes DDoS protection, a malware firewall and integration with a content delivery network for performance.

There’s also an intermediate, $19.99-per-month ($239.88/year) plan that includes the extra features but keeps the response time at 12 hours.

An SSL certificate is included in the two more-expensive packages.

The pricing and feature set looks to compare reasonably well with Sucuri’s standalone products, which start at $16.66 a month and offer response times as fast as four hours.

As somebody who has suffered from three major security problems on GoDaddy over the last decade or so, and found GoDaddy’s response abysmal on all three occasions (despite my generally positive views of its customer service), the new service is a somewhat tempting proposition.