Latest news of the domain name industry

Recent Posts

Namecheap accuses GoDaddy of delaying transfers

GoDaddy broke ICANN rules and US competition law by delaying outbound domain transfers yesterday, and not for the first time, according to angry rival Namecheap.

March 6 was Namecheap’s annual Move Your Domain Day, a promotion under which it donates $1.50 to the Electronic Frontier Foundation for every inbound transfer from another registrar.

It’s a tradition the company opportunistically started back in 2011 specifically targeting GoDaddy’s support, later retracted, for the controversial Stop Online Piracy Act, SOPA.

But yesterday GoDaddy was delivering “incomplete Whois information”, which interrupted the automated transfer process and forced Namecheap to resort to manual verification, delaying transfers, Namecheap claims.

“First and foremost this practice is against ICANN rules and regulations. Secondly, we believe it violates ‘unfair competition’ laws,” the company said in a blog post.

Whois verification is a vital part of the transfer process, which is governed by ICANN’s binding Inter-Registrar Transfer Policy.

GoDaddy changed its Whois practices in January. As an anti-spam measure, it no longer publishes contact information, including email addresses vital to the transfer process, when records are accessed automatically over port 43.

However, GoDaddy VP James Bladel told us in January that this was not supposed to affect competing registrars, which have their IP addresses white-listed for port 43 access via a system coordinated by ICANN.

Did GoDaddy balls up its new restrictive Whois practices? Or can the blame be shared?

Namecheap also ran into problems with GoDaddy throttling port 43 on its first Move Your Domain Day in 2011, but DI published screenshots back then suggesting that the company had failed to white-list its IP addresses with ICANN.

This time, the company insists the white-list was not an issue, writing:

As many customers have recently complained of transfer issues, we suspect that GoDaddy is thwarting/throttling efforts to transfer domains away from them. Whether automated or not, this is unacceptable. In preparation for today, we had previously whitelisted IPs with GoDaddy so there would be no excuse for this poor business practice.

Namecheap concluded by saying that all transfers that have been initiated will eventually go through. It also asked affected would-be customers to complain to GoDaddy.

The number of transfers executed on Move Your Domain Day over the last several years appears to be well into six figures, probably amounting to seven figures of annual revenue.

Tech giants gunning for AlpNames over new gTLD “abuse”

A small group of large technology companies including Microsoft and Facebook have demanded that ICANN Compliance take a closer look at AlpNames, the budget registrar regularly singled out as a spammers’ favorite.

The ad hoc coalition, calling itself the Independent Compliance Working Party, wrote to ICANN last week to ask why the organization is not making better use of statistical data to bring compliance actions against the small number of companies that see the most abuse.

AlpNames, the Gibraltar-based registrar under common ownership with new gTLD portfolio registry Famous Four Media, is specifically singled out in the group’s letter.

The letter, sourcing the August 2017 Statistical Analysis of DNS Abuse in gTLDs (pdf), says there “is a clear problem with one particular contracted party”.

AlpNames was the registrar behind over half of the new gTLD domains blacklisted by SpamHaus over the study period, for example, the letter states.

The tiny territory of Gibraltar also frequently ranks unusually highly on abuse lists due to AlpNames presence there, the letter and report say.

The ICWP letter also says that the four gTLDs .win, .loan, .top, and .link were used by over three quarters of abusive domains over the SADAG study period.

The letter calls the abuse rates “troublesome” and says:

We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates.

It goes on to wonder whether high levels of unaddressed abuse could amount to violations of new gTLD Registry Agreements and Registrar Accreditation Agreements, and to ask whether there any barriers to ICANN Compliance pursuing breach claims against such potential violations.

The ICWP comprises Adobe, DomainTools, eBay, Facebook, Microsoft and Time Warner. It’s represented by Fabricio Vayra of Perkins Coie.

Other than the letter (pdf), the Independent Compliance Working Party does not appear to have any web presence, and a spokesperson has not yet responded to DI’s request for more information.

The SADAG report also singled out Chinese registrar Nanjing Imperiosus Technology Co, aka DomainersChoice.com, as having particularly egregious levels of abuse, but noted that this abuse disappeared after ICANN terminated its RAA last year.

AlpNames has not to date had any public breach notices issued against it, but this is certainly not the first time it’s been singled out for public censure.

In November last year, ICANN’s Competition, Consumer Trust, and Consumer Choice Review Team (CCT) named it in a report that claimed: “Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse.”

AlpNames seems to have been used often by abusers due to its bargain-basement, often sub-$1 prices — making disposable domains more cost effective — and its tool that allowed up to 2,000 domains to be registered simultaneously.

If not actively soliciting abusive behavior, these factors certainly don’t make abuse any more difficult.

Bur will ICANN Compliance take action in response to the criticism leveled by CCT and now ICWP?

The main problem with the ICWP letter, and the SADAG report it is based upon, is that the data it uses is now rather old.

The SADAG report sourced abuse databases only up to January 2017, a time when AlpNames’ total gTLD domains under management was at its peak of around three million names.

Since then, the company has been hemorrhaging DUM, losing hundreds of thousands of domains every month. At the end of November 2017, the most recent data compiled by DI shows that it was down to around 838,000 domains.

It’s quite possible that AlpNames’ customer base is no longer the den of abuse it once was, whether due to natural attrition or a proactive purge of bad actors.

A month ago, in a press release connected with a $5.4 million buy-out of an co-founder, AlpNames chairman Iain Roache said he has a “10-year strategic plan” to turn AlpNames into a “Tier-1” registrar and “bring the competition to the incumbents”.

Brandsight starts beta with “large corporations”

Kevin Murphy, February 20, 2018, Domain Registrars

New brand management registrar Brandsight says it has started a beta test of its initial service.

Head of marketing Elisa Cooper tells DI the service is being tested by prospective clients at unspecified “large corporations”.

Brandsight Domain Name Management is a portfolio management system for large corporate domain controllers.

The company reckons its service is more streamlined than the competition, leveraging “big data” and modern user interface techniques to make brand managers’ lives easier.

Features include the ability to make sure domains are forwarding to where they’re supposed to. There’s also an industry news feed, according to a press release.

Brandsight was formed last year and staffed by former senior staffers from Fairwinds and MarkMonitor who thought they’d spotted a gap in the market.

Famous Four chair pumps $5.4 million into AlpNames to settle COO lawsuit

Kevin Murphy, February 8, 2018, Domain Registrars

Famous Four Media chair Iain Roache has bought out his former COO’s stake in AlpNames, its affiliated registrar, settling a lawsuit between the two men.

He’s acquired Charles Melvin’s 20% stake in the company for £3.9 million ($5.4 million), according to a press release.

A spokesperson confirmed that the deal settles a lawsuit in the companies’ home territory of Gibraltar, which we reported on in December.

Roache said in the press release that he has a plan to grow AlpNames into a “Tier 1 registrar”:

“I’ve got a 10 year strategic plan, which includes significant additional investment, to set the business up for future growth and success,” he said. “We’re going to bring the competition to the incumbents!”

AlpNames is basically the registrar arm of Famous Four, over the last few years supporting the gTLD portfolio registry’s strategy of selling domains in the sub-$1 range and racking up huge market share as a result.

But it’s on a bit of a slide, volume-wise, right now, as hundreds of thousands of junk domains are allowed to expire.

According to today’s press release, AlpNames has 794,000 gTLD domains under management. That’s a far cry from its peak of 3.1 million just under a year ago.

Seller Melvin, according to the press release, “has decided to pursue other interests outside of the domain name industry”.

It appears he left his COO job at Famous Four some time last year, and then sued Roache and CEO Geir Rasmussen (also an AlpNames investor) over a financial matter. Previous attempts to buy him out were rebuffed.

Last October, the Gibraltar court ruled that the defendants has supplied the court with “forged documents” in the form of inaccurately dated invoices between the registry and AlpNames.

The pair insisted to the court that the documents were an honest mistake and their lawyer told DI that there was no “forgery” in the usual sense of the word.

But it appears that Melvin’s split from the companies was less than friendly and the £3.9 million buyout should probably be viewed in that light.

Uniregistry changes emails after “renewal scam” complaints

Kevin Murphy, February 2, 2018, Domain Registrars

Uniregistry has modified its marketing emails after customers complained they looked like fake renewal “scams”.

One customer contacted DI last week to say they were “horrified” to receive pitches for cheap SSL certificates that “read like some of the worst domain expiration scams of the past”.

The company recently started reselling Comodo’s SSL certs as part of its plan to broaden its customer base beyond its roots in the domain investor community.

But the way these certs were marketed left more than one customer with concerns. One email, which I’ve lightly redacted, read as follows:

Dear [CUSTOMER],

FINAL NOTICE – Your SSL certificate for your domain has expired. Take action and renew your certificate today through Uniregistry.

If your SSL certificate expires your website will display a warning informing customers the site is not secure.

We’ve teamed up with Comodo CA to offer our valued customers discounts up to 78% off when they renew their SSL certificate through us.

Visit https://www.comodo.com/uniregistry/ to take advantage of this offer and renew your certificate before it expires.

Domains at Risk :
[LIST OF DOMAINS]

Average validation time is less than an hour could take longer. Don’t let your certificate expire and put your business at risk. We are here to help, contact one of our SSL Specialist for more information or if you need additional support.

Thank you for choosing Uniregistry and Comodo CA

The reader said that while they have some domains with Uniregistry, their SSL certs had been bought elsewhere.

They added that the certs had not “expired” as the email claimed and said that they were not due to expire for months.

In addition, the email is quite clearly asking the customer to “renew” their cert via Uniregistry and Comodo, which should not be possible if the current cert was bought from a different Certificate Authority. It’s actually a solicitation to buy a new cert.

The scare-tactics wording is reminiscent of the old “slamming” scams carried out by Brandon Gray Internet Services, going under the moniker Domain Registry Of America and similar, until ICANN terminated its contract in 2014.

These “fake renewal” scams were delivered in the form of final-demand invoices, but were in fact solicitations to transfer domains, at a huge premium, from their current registrar to the scammer’s registrar.

A major difference between the DROA scam and Uniregistry’s marketing is that Uniregistry only contacted its existing customers. It was not spamming SSL owners at random.

Uniregistry told DI that the emails in question were part of an “A/B test” — when a company tests two emails to different sets of customers to see which one gets the best response rate — that were sent to “small number” of its customers.

Chief operating officer Kanchan Mhatre said in an email:

The initial content sent came from a previous campaign and it’s fair to say that it needed modifying to more accurately reflect what we were trying to convey. Based on the feedback received from you and other customers, we have modified the messaging and we are currently reviewing cert expiry date validation to ensure that we communicate with our customers in a timely manner.