Latest news of the domain name industry

Recent Posts

eNom called world’s most “abusive” registrar

Kevin Murphy, August 11, 2010, Domain Registrars

A small security firm has singled out eNom as the domain name registrar and web host with the most criminal activity on its network.

HostExploit released a report today claiming the concentration of “badware” on the network belonging to eNom and its soon-to-be-public parent Demand Media is “exceptionally high”.

The claim is based on the proportion of dodgy sites on eNom’s network relative to its size, rather than the actual quantity.

The report says the Demand-owned autonomous system AS21740 has the fifth-highest amount of badware and the sixth-highest number of botnet command and control servers.

It goes on to say that the four or five AS’s with larger amounts of malware are themselves between 10 and 7,500 larger than eNom, as measured by address space.

The report, which I’m guessing HostExploit released to coincide with the hype around Demand Media’s upcoming IPO, draws heavily on existing research, such as this recent KnuJon registrar report (pdf).

It also uses stats from Google-backed StopBadware.org to demonstrate that eNom hosts a disproportionately large number of malware-serving URLs.

According to StopBadware, Go Daddy actually hosts more bad URLs than eNom – 10,797 versus 7,429 – but Go Daddy’s market share is of course over three times larger.

According to WebHosting.info, eNom currently has 9.5 million domains under management, compared to Go Daddy’s 35.2 million.

In Demand Media’s IPO registration statement, filed last Friday, the company acknowledges that it sometimes gets bad publicity but says it’s caught between a rock and a hard place.

We do not monitor or review the appropriateness of the domain names we register for our customers or the content of our network of customer websites, and we have no control over the activities in which our customers engage.

While we have policies in place to terminate domain names if presented with a court order or governmental injunction, we have in the past been publicly criticized for not being more proactive in this area by consumer watchdogs and we may encounter similar criticism in the future. This criticism could harm our reputation.

Conversely, were we to terminate a domain name registration in the absence of legal compulsion, we could be criticized for prematurely and improperly terminating a domain name registered by a customer.

Domain name hijacker gets jail time

Kevin Murphy, August 10, 2010, Domain Registrars

A man who hijacked Comcast’s domain name, causing hours of outages for the ISP’s customers, has been sentenced to four months in jail.

James Black, who went by the handle “Defiant”, will also have to serve 150 hours of community service, three years of supervised release, and pay Comcast $128,557 in restitution.

Assistant United States Attorney Kathryn Warma told the court:

Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos.

The attack took place over two years ago. Kryogenicks reportedly used a combination of social engineering and technical tricks to take over Comcast’s account at Network Solutions.

During the period of the hijacking, comcast.net redirected to the hacker’s page of choice. All Comcast webmail was unavailable for at least five hours.

Digging for dirt in the Demand Media IPO – roundup

Kevin Murphy, August 9, 2010, Domain Registrars

Demand Media, parent of second-largest domain name registrar eNom, has filed to go public, and the publication of its S-1 registration document has given an unprecedented glimpse inside the company.

Unsurprisingly, the “content mill” part of Demand’s operation, which accounts for more than half of its revenue, has garnered the most media coverage over the weekend.

Demand says that the fact that is “transforming traditional content creation models” and is “frequently the subject of unflattering reports in the media about our business and our model.”

Reports of its IPO are no exception.

This report in DailyFinance.com observes that the key difference between Demand and traditional media is that Demand does it “at scale”, with some 10,000 writers producing 5,700 articles per day.

DaniWeb notes that Demand’s freelancers are “working for wages often well below industry standard to churn out content” and said the company is subject to “redundancies, inefficiencies and the reliance on trying to game Google”.

Others are more direct: “wtf: this is why the Internet is full of unreadable junk”

CNNMoney.com reports that Demand is “notorious” for paying as little as $15 per article, and that it can make a 58% return on a month’s articles over seven quarters.

As a freelancer reporter, I don’t like Demand’s model either. I think it devalues the profession. The S-1 reveals that the company is well aware that it’s also quite exploitative:

We believe that over the past two years our ability to attract and retain freelance content creators has benefited from the weak overall labor market and from the difficulties and resulting layoffs occurring in traditional media, particularly newspapers. We believe that this combination of circumstances is unlikely to continue and any change to the economy or the media jobs market may make it more difficult for us to attract and retain freelance content creators.

On the domain name side of the business, DomainNameWire was quickest off the mark, digging out the fact that eNom uses look-ups by prospective registrants to decide what articles might be profitable and what web sites it could develop.

The S-1 says:

These queries and look-ups provide insight into what consumers may be seeking online and represent a proprietary and valuable source of relevant information for our platform’s title generation algorithms and the algorithms we use to acquire undeveloped websites for our portfolio.

eNom has already said that this should NOT be interpreted as “front-running”. (apologies, the first version of this article accidentally omitted the word “not”)

Also found in the S-1, and already known from eNom’s registration agreement Ts & Cs, the company keeps some customers’ expired domain names for itself, if they have value.

I can remember a time not too many years ago when this kind of behavior was frowned upon.

DNW also points to the list of Demand’s subsidiaries. There are 146 of them, at least 100 of which are shells for ICANN registrar accreditations.

Others, such as Acquire This Name, which KnuJon had beef with (pdf) a year ago, act as eNom resellers.

Looking at the financials, All Things Digital gently mocks the company’s reliance on non-standard “Adjusted OIBDA” numbers in its S-1 to make the company appear profitable.

Meanwhile, Mike Berkens at TheDomains is incredulous looking at the amount of money Demand has lost since its inception: some $52 million.

ICANN threatens to shut down registrar flipper

ICANN has said it will terminate one of its registrars for non-payment of fees, the thirteenth such threatening letter the organization has sent out this year.

The unfortunate recipient is #1 Host Brazil, which has just a couple hundred domains under its belt in the generic top-level domains.

I may be wrong, but based on some cursory research I’m inferring that the registrar is basically a shell accreditation, acquired in order to flip to a larger registrar.

There are 10 other “‘#1 Host” registrars, such as #1 Host Australia and #1 Host Canada, listed on ICANN’s list of accredited registrars, almost all of which were awarded in late 2005 to the same Texan.

They all use the same logos and, due to the hash sign, all appear at the top of alphabetical lists of ICANN-accredited registrars.

Apart from the Brazil and Israel variants, most of the other “#1” accreditations have been acquired by Moniker at various times over the last few years, according to Internic and Whois records.

#1 Host Brazil faces de-accreditation (pdf) on August 24 unless it pays almost $9,000 in ICANN fees and provides evidence of $500,000 in commercial liability insurance.

Using Go Daddy equals “bad faith” registration

Registered a domain name with Go Daddy recently? Unless you’ve updated your name server settings, you’ve automatically committed a “bad faith” registration.

At least, that’s the conclusion I’m drawing from a couple of recent clueless UDRP decisions.

The most recent example is the case of Churchill Insurance, which just won churchillimports.com, following a proceeding with the National Arbitration Forum.

The registrant claimed he planned to use the domain, which he registered just six months ago, to sell cigars. Seems reasonable. Other sites sell cigars using the name “Churchill”.

But the NAF panelist, Flip Petillion, wasn’t buying it:

Respondent uses the churchillimports.com domain name to resolve to a directory website that displays links to third-party websites, some of which provide insurance products and services that compete with Complainant’s business.

it is shown on a balance of probability that Respondent uses the disputed domain name to operate a directory website and, thus, profits from this use through the receipt of “click-through” fees. Accordingly, the Panel finds that this use constitutes bad faith registration and use pursuant to Policy

as the disputed domain name was registered after the registration of Complainant’s established trademark rights and given the fact that Respondent’s website employs insurance themed links that resolve to websites of Complainant’s competitors, Respondent could not have registered and used the disputed domain name without actual or constructive knowledge of Complainant and its rights in the CHURCHILL mark.

What Petillion clearly failed to realize – or decided to conveniently ignore – is that everything he ascribes to the registrant was actually caused by default Go Daddy behavior.

Churchill sells car insurance in the UK. The registrant is an American, from Georgia. There’s a very slim chance he’d ever heard of the company before they slapped him with the UDRP.

But Petillion decided that the fact that insurance-themed links were present on the site shows that the registrant must have known about the company. Like he put the links there himself.

He concludes the registrant had “bad faith” because Go Daddy’s parking algorithm (I believe it’s operated by Google) knows to show insurance-related ads when people search for “churchill”.

In addition, churchillimports.com is the default parking page that Go Daddy throws up whenever a domain name is newly registered.

The registrant didn’t need to do anything other than register the name and, according to this bogus ruling, he’s automatically committed a bad faith registration.

Where does NAF find these people?

I’m sure I’m not the first to notice this kind of behavior, and I’m sure Go Daddy’s not the only registrar this affects.