Latest news of the domain name industry

Recent Posts

New gTLD launches: registrar coverage at less than 40% of the market

Kevin Murphy, January 7, 2014, Domain Registrars

Registrars representing less than 40% of the gTLD market are ready to offer new gTLDs during their launch phases, according to the latest stats from ICANN.

ICANN released yesterday a list (pdf) of the just 21 registrars that have signed the 2013 Registrar Accreditation Agreement and have been certified by IBM to use the Trademark Clearinghouse database.

Signing the 2013 RAA is a requirement for registrars that want to sell new gTLDs. Almost 150 registrars are currently on the new contract.

But being certified for the TMCH is also a requirement to sell names during the first 90 days of each new gTLD’s general availability, when the Trademark Claims service is running.

Together, the 21 registrars that have done both accounted for 59 million registered gTLD domain names (using August’s official numbers), which translated to 39.5% of the gTLD market.

It’s a high percentage due to the presence of Go Daddy, with its 48.2 million gTLD names. The only other top-10 registrar on the list is 1&1.

Twelve of the 21 registrars on the list had fewer than 40,000 names under management. A couple have fewer than 100.

Only one new gTLD, dotShabaka Registry’s شبكة., is currently in its Trademark Claims period.

The second batch, comprising Donuts’ first seven launches, isn’t due to hit until January 27, giving just a few weeks for the certified list to swell.

There’ll be 33 new gTLD in Claims by the end of February.

The rate at which new registrars are being certified by IBM is not especially encouraging either. Only four have been added in the last month.

Some registrars may of course choose to work via other registrars, as a reseller, rather than getting certified and doing the TMCH integration work themselves.

Latest Go Daddy phishing attack unrelated to 2013 RAA

Kevin Murphy, January 6, 2014, Domain Registrars

Fears that the 2013 Registrar Accreditation Agreement would lead to new phishing attacks appear to be unfounded, at least so far.

The 2013 RAA, which came into force at most of the big registrars on January 1, requires registrars to verify the registrant’s email address or phone number whenever a new name is registered.

It was long predicted that this new provision — demanded by law enforcement — would lead to phishers exploiting registrant confusion, obtaining login credentials, and stealing valuable domain names.

Over the weekend, it looked like this prediction had come true, with posts over at DNForum saying that a new Go Daddy scam was doing the rounds and reports that it was related to the 2013 RAA changes.

I disagree. Shane Cultra posted a screenshot of the latest scam on his blog, alongside a screenshot of Go Daddy’s actual verification email, and the two are completely dissimilar.

The big giveaways are the “Whois Data Reminder” banner and “Reminder to verify the accuracy of Whois data” subject line.

The new attack is not exploiting the new 2013 RAA Whois verification requirements, it’s exploiting the 10-year-old Whois Data Reminder Policy, which requires registrars annually to remind their customers to keep their contact details accurate.

In fact, the language of the new scam has been used in phishing attacks against registrants since at least 2010.

That’s not to say the attack is harmless, of course — the attacker is still going to steal the contents of your Go Daddy account if you fall for it.

We probably will see attacks specifically targeting confusion about the new address verification policy in future, but it seems to me that the confusion we’re seeing with the latest scam may be coincidental.

Go Daddy told DI yesterday that the scam site in question had already been shut down. It’s not clear if anyone fell for it while it was live.

1&1′s new gTLD ads banned for “misleading” viewers

Kevin Murphy, December 19, 2013, Domain Registrars

TV ads promoting 1&1′s new gTLD pre-registration services have been banned from the UK’s airwaves after being ruled “likely to mislead” by the Advertising Standards Authority.

The ads were part of probably the biggest new gTLD marketing outreach to date, a worldwide campaign I’ve heard is costing 1&1 up to $80 million. The UK ad stated:

Do you own a company? Or an online shop? Are you an estate agent? Or a car dealer? Are you from London? Or maybe Scotland? Are you looking for a great new web or e-mail address? Then choose from over 700 new domains. Pre-order yours for free, before someone else does, and link it to your website.

The ASA ruled that the ads would have led consumers to believe that they would definitely get the name they pre-registered as soon as it became available.

In fact, of course, allocation is dependent largely on registry policy, Sunrise registrations, name collisions blocking, and whatever other barriers ICANN can think up in the meantime.

The ASA said in its decision:

Whilst we considered consumers would understand the reference to ‘pre-order’ to mean that the domain names were not currently available, we considered they would understand the ad to mean that they could place an order with 1&1 Internet that would secure their chosen domain name when it became available. However, we understood that that was not the case and that upon receipt of a pre-order, 1&1 Internet would pass on the customer’s request to the relevant domain name registry, who would apply their own allocation process when the requested domain name became available. We therefore considered the presentation of the ad was likely to mislead.

The ad therefore “must not appear again in its current form”, the ASA ruled.

Finally, domain-slamming registrar gets ICANN breach notice

Kevin Murphy, December 17, 2013, Domain Registrars

Domain “slamming” registrar Brandon Gray Internet Services, which does business as NameJuice.com, has finally received its first ICANN compliance notice.

If you’ve been around the industry for a while you’ll know Brandon Gray better as Domain Registry of America, Domain Registry of Canada, Domain Renewal Group and various other pseudonyms.

DROADROA is known for being the prime perpetrator of the old “slamming” scam, where fake postal renewal notices that look like invoices trick busy or gullible registrants into transferring their names.

It was sued for slamming by Register.com back in 2002, spanked by the UK’s Advertising Standards Agency as recently as 2009, and de-accredited by .ca registry CIRA.

There’s a list of the various times it’s run afoul of regulators over on Wikipedia.

ICANN yesterday sent a breach notice (pdf) to Brandon Gray, saying the company failed to “maintain and make available to ICANN registration records relating to dealings with the Registered Name Holder” of businesspotion.com, in violation of the Registrar Accreditation Agreement.

A Whois look-up reveals that businesspotion.com has belonged to the same registrant since 2009. However, in April 2011 it was transferred from 1&1 to Brandon Gray (DROA/NameJuice).

I can only guess why it might have been transferred.

However, the material ICANN wants only relates to the period from July this year.

It appears from the compliance notice that the owner of the domain tried to transfer his name away from DROA recently but claims to have not received the necessary authorization codes.

Brandon Gray has until January 13 to provide ICANN with the requested documentation or face losing its accreditation.

Back in 2011, the last time Brandon Gray tried to slam me, I asked: “Isn’t it about time ICANN shut these muppets down?”

Hopefully, that wish is a step closer to reality today.

Go Daddy to take $2,500 profit on Donuts’ first-day domains

Kevin Murphy, December 11, 2013, Domain Registrars

Donuts’ pricey Early Access Program for its new gTLDs could prove quite lucrative for registrars.

Go Daddy today revealed that it’s charging $12,500 and up for first-day “priority” registrations in 14 Donuts gTLDs, a $2,500 profit on Donuts’ EAP registry fee, which I believe is $10,000.

The EAP is Donuts’ alternative to a traditional landrush period.

Rather than charging premium landrush fees and then running an auction for contested domains, every available domain has a standard premium buy-it-now price that is reduced every day for a week until the fee hits the standard reg fee.

It’s Dutch-auction-like, with a first-come-first-served component.

The EAP registry fees start at $10,000, go to $2,500 on day two, $950 on day three, $500 on day four and $100 from days five through day seven. Then they go to the base fee, which depends on gTLD but typically translates to about $40 at the check-out.

Go Daddy’s respective EAP retail prices are $12,539.99, $3,164.99, $1,239.99, $689.99 and $189.99.

Complicating matters, these are currently “priority pre-registration” fees, so the company will still have to successfully grab the pre-registered names from the registry when they become available.

While customers are billed today, they may not get the name they want. If Go Daddy fails to secure the name it will issue a full refund.

Complicating matters further, the company is accepting multiple pre-registrations on any given name and will auction it off to the highest bidder if more than one person pre-registers at the same level and Go Daddy manages to grab the name.

So $12,500 may just be the tip of the iceberg.

Complicating matters further further, Go Daddy’s site is currently not particularly clear — at least to this elderly hack — which components of its fees are refundable and which are not.

This slogan, currently in use on the Go Daddy pre-reg site, appears to me to be absolute nonsense.

Horseshit

The 14 Donuts gTLD currently on offer are: .estate, .photography, .ventures, .guru, .bike, .clothing, .gallery, .singles, .camera, .lighting, .plumbing, .equipment, .graphics and .holdings.