Latest news of the domain name industry

Recent Posts

Independent Objector launches web site

Kevin Murphy, October 26, 2012, Domain Registries

The new gTLD program’s Independent Objector has launched his own web site, independently from ICANN.

Alain Pellet is the French international law expert appointed in May to the IO role. The new web site also reveals that one Julien Boissise is assisting him.

The IO’s job is to file Community Objections and Limited Public Interest Objections against new gTLD applications, should the need arise.

In practice, I’d be very surprised to see any of the latter filed during the current application round, but I’d expect to see several Community Objections.

Pellet will file his objections before January 13, according to the web site. That’s the current objection-filing deadline, which ICANN plans to extend to March 13.

US probing Verisign price hikes, .com contract may be extended

Kevin Murphy, October 25, 2012, Domain Registries

The US Departments of Commerce and Justice are investigating the price increase provisions of Verisign’s .com registry agreement.

Verisign CEO Jim Bidzos disclosed the “review” on a conference call with financial analysts tonight.

It is likely that it will last beyond November 30 2012, the date the current .com agreement expires, he said.

“There’s a possibility it will not be complete by November 30,” he said.

A special six-month extension is likely to be triggered, he said.

“The status of our ability to operate .com is not an issue here,” he said.

He declined to comment on questions related to the likelihood that the company would be forced to change its pricing plans.

Verisign has spent $3.9 million in legal and other fees related to the US review, it emerged during the call.

ICANN approved the contract, which gives Verisign the right to increase its .com registry fees by 7% in four of the next six years, in June.

ICANN will see an extra $8 million in revenue from Verisign as a result.

Due to the special nature of .com, Justice and Commerce approval is required before the contract can be renewed. Verisign had previously expected that to come before November 30.

Verisign shares are trading down 14% in after-hours trading following the news.

Only 2% of phishing attacks use cybersquatted domain names

Kevin Murphy, October 25, 2012, Domain Registries

The number of cybersquatted domain names being used for phishing is falling sharply and currently stands at just 2% of attacks, according to the Anti-Phishing Working Group.

The APWG’s first-half 2012 report (pdf) identified 64,204 phishing domains in total.

Of those, the group believes that only 7,712 (12%) were actually registered by the phishers themselves. The rest belonged to innocent third parties and had been compromised.

That’s a steep drop from 12,895 domains in the second half of 2011 and 14,650 in the first half of 2011.

Of the 7,712 phisher-owned domains, about 66% were being use to phish Chinese targets, according to the APWG.

The group’s research found only 1,350 that contained a brand name or a misspelling of a brand name.

That’s down from 2,232 domains in the second-half of 2011, representing just 2% of all phishing domains and 17% of phisher-owned domains.

The report states:

Most maliciously registered domain strings offered nothing to confuse a potential victim. Placing brand names or variations thereof in the domain name itself is not a favored tactic, since brand owners are proactively scanning Internet zone files for such names.

As we have observed in the past, the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do.

Instead, phishers almost always place brand names in subdomains or subdirectories. This puts the misleading string somewhere in the URL, where potential victims may see it and be fooled. Internet users are rarely knowledgeable enough to be able to pick out the “base” or true domain name being used in a URL.

Taken as a percentage of attacks, brand-jacking is clearly a pretty low-occurrence offence, according to the APWG’s numbers.

In absolute numbers, it works out to about 7.5 domain names per day that are being use to phish and contain a variation of the brand name being targeted.

Unsurprisingly, the APWG found that Freedom Registry’s .tk — which offers free registration — is the TLD being abused most often to register domains for phishing attacks.

More than half of the phisher-owned domains were in .tk, according to the report.

First .post domains going live

Kevin Murphy, October 25, 2012, Domain Registries

After entering the DNS root in August, the .post gTLD has started accepting its first registrations.

The Italian postal service is one of the first web sites with a .post address to go live, according to the Universal Postal Union, the registry manager.

Its site at posteitaliane.post appears to be more than just a mirror of its main .it site.

The postal services from Malaysia and Brazil have also signed up, according to the UPU.

The UPU has grand plans for the gTLD, promising a “global track and trace application” that will “enable customers to track the items they have ordered until final delivery.”

CoCCA withdraws from APTLD over support for AusRegistry “monopoly”

Kevin Murphy, October 24, 2012, Domain Registries

Registry services provider CoCCA has pulled out of the Asia Pacific Top Level Domain Association after APTLD gave support to AusRegistry in its campaign to continue to run .au.

The company claims that APTLD — the Hong Kong-based association of ccTLD operators from the region — backed AusRegistry because AusRegistry is one of its largest donors.

The allegations center on a consultation run by AuDA, the policy overseer for Australia’s .au domain.

AuDA is currently deciding whether to renegotiate AusRegistry’s longstanding registry back-end contract — which is its preferred option — or open it up to public tender.

Draft recommendations published for comment last month suggest that the contract should remain with AusRegistry when it expires in 2014, albeit with renegotiated terms.

CoCCA is mad with APTLD for submitting a comment in support of these recommendations without first consulting its membership, suspecting AusRegistry’s sponsorship of APTLD might have something to do with it.

(October 24 Update: APTLD has submitted a revised comment here. The original submission can be found here.)

In an email to APTLD last week, CoCCA director Garth Miller said:

That AusRegistry, a large for-profit company that is an associate member of APTLD can simply make a phone call to a board member and get the board to make a public submission on behalf of all members that a scheduled public tender be cancelled and AusRegistry be awarded the contract – worth as much as several hundred million dollars, because they have made substantial contributions to the APLTD in the past and are likely to do so in the future if awarded the contract is, in my view, disturbing.

CoCCA, which already provides registry services for a few ccTLDs in the region and runs the .cx (Christmas Island) ccTLD, reckons the .au back-end contract should be opened to competitive bidding.

Judging by the other submissions to AuDA’s consultation, which are published here, it’s a minority view.

Every other comment — most of which were sent by .au registrars, even newcomers such as Go Daddy — supports the recommendation that AusRegistry should keep the deal.

And AusRegistry says that everything is above board. CEO Adrian Kinderis said in a statement sent to DI:

AusRegistry has been actively seeking acknowledgments and recommendations from valued partners and industry leaders over the past month. This included an approach to APTLD to seek a reference from them to acknowledge the positive industry engagement and continued support and participation of AusRegistry in the Asia Pacific domain name industry. APTLD responded positively to our request. AusRegistry has made no secret of such, and to suggest that clandestine calls have taken place is simply not true.

APTLD also denied that it has done anything wrong, though it does not appear to be denying that AusRegistry contributions may have played a part in its decision.

In a statement, APTLD told DI:

The allegation on APTLD must be a misunderstanding and is untrue. APTLD has no comments to make on the tendering process and whether a public tender should be conducted. APTLD does not have sufficient local knowledge to provide any constructive comments. All APTLD can provide is a reference for AusRegistry as an active and positive player in the domain name industry in the Asia Pacific region. Past contributions to APTLD is just one of the many factors when the Board considers whether to provide a reference to a particular member.

AusRegistry has been running the .au registry under contract with AuDA since 2001. It’s used its experience to launch ARI Registry Services, a pretty big player in the new gTLD back-end market.

Last time its .au deal was renegotiated, prices came down.