Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
ICANN expecting to approve most new gTLDs?
Good news for new gTLD applicants?
ICANN appears to be assuming that the vast majority of applications will pass their evaluations and make it at least as far as pre-delegation testing, judging from recent comments.
Of the 1,400-odd unique strings being applied for, ICANN reckons that “close to the maximum” will need to be tested before being added to the DNS root.
The hint came in a Q&A with respondents to ICANN’s pre-delegation testing provider RFP published yesterday.
With added emphasis, here’s what ICANN just said:
Question 7: Can ICANN provide a definitive statement of the anticipated minimum number of pre-delegation tests?
The total number of applied-for strings that will be approved is unknown at this point. Therefore, we cannot assert the minimum number of registries to be tested but only the maximum: 1,400. We expect that the actual numbers of registries tested should be close to the maximum.
It’s a positive sign for applicants, but there are obviously some big unknowns in the process, most notably Governmental Advisory Committee interventions, which are a little under a week away.
On the negative side, ICANN seems to be digging its heels in on the number of pre-delegation tests that will be required, despite recent requests from applicants to streamline the process:
Question 17: Is it possible to execute a single test per Back-End Registry Service Provider (as this would limit the requirement to about 80 such tests)?
The AGB [Applicant Guidebook] specifies one Pre-Delegation Test per Registry Operator (contracted party to ICANN).
This appears to mean that multiple applications using Verisign or Afilias, for example, as their back-ends will have to be individually tested, despite possible duplicative work.
IEDR admits blame for hack that brought down Google and Yahoo
IEDR, the Irish ccTLD registry, has admitted that an attack on its own web servers was responsible for google.ie and yahoo.ie being hijacked last month.
In a detailed statement, the registry said that hackers spent 25 days probing for weaknesses in its systems, before eventually breaking in through a vulnerability in the Joomla content management software.
This enabled the attackers to upload malicious PHP scripts and access the back-end database, according to the statement. They then redirected yahoo.ie and google.ie to an Indonesian web site.
It’s a reverse of position for IEDR, which had appeared to blame one of its registrars (believed to be Mark Monitor) for the lapse in security when the hack was discovered last month.
IEDR told ZDNet October 11: “an unauthorised change was made to two .ie domains on an independent registrar’s account which resulted in a change of DNS nameservers”.
But today it said instead: “The IEDR investigation also confirmed that neither the Registrar of the affected domains nor its systems had any responsibility for this incident.”
The registry has filed a complaint with the Irish police over the incident, and apologized to its customers for the disruption.
It also said it plans to roll out a Domain Lock service to help prevent hijacking in future, though I doubt such a service would have prevented this specific incident.
Roussos sells his .home new gTLD application
In what I believe is the first instance of a new gTLD bid changing hands, CGR E-Commerce has sold off its .home application to another applicant.
CGR is the Cyprus-based company controlled by prominent .music applicant Constantine Roussos.
Among 29 changes to new gTLD applications approved by ICANN and published late last week were substantial alterations to CGR’s application for .home, which is contested by 10 other applicants.
All references to Roussos, his colleague Tina Dam, and CGR itself were removed, replaced by the names of executives from Defender Direct.
The applicant name is now “Dothome Ltd”, whereas originally it was “DotHome/CGR E-Commerce Ltd”.
“We just sold that company,” Roussos confirmed to DI. “All our assets and intellectual property pertaining to .HOME were transferred to Defender Direct, a company that also applied for .SECURITY.”
“They are the second largest home security company in the U.S and have a lot of resources to provide to create value in both the home and security arenas,” he added.
Back in April, while the new gTLD application period was still open, Roussos was known to be shopping around some spare TLD Application System slots.
The .home gTLD is one of the most-contested strings in the current round, but all 11 applicants face the risk that the string itself may be rejected on security and stability grounds.
TLDH expects gTLD auctions in second half of 2013
While some new gTLD portfolio applicants are trying to get their contention sets resolved as quickly as possible, Top Level Domain Holdings reckons auctions won’t happen until the second half of 2013.
In a trading update this week, the company also said that it expects to start seeing revenue from its first successful new gTLD applications next year, with contested bids producing revenue in 2014.
TLDH said in a statement:
Provided that the ICANN proposed timetable is broadly adhered to, the Board of TLDH believes that a number of the Group’s 17 uncontested gTLD applications on its own behalf and the 5 uncontested client gTLD applications are likely to be revenue producing in 2013, with the balance becoming so in the first half of 2014. TLDH has commenced discussions with the leading worldwide registrars, premium name specialists, and secondary market platforms for distribution of these gTLD names.
TLDH is also working with other gTLD applicant groups to define formats for private auctions and other name resolution arrangements in respect of the contested names that TLDH has applied for. The Board expects that these auctions are likely to happen in the second half of 2013.
As we reported last week, fellow portfolio applicant Donuts approached competing applicants at the Toronto ICANN meeting last month with a proposal for running private auctions in early 2013.
The idea was not warmly received by many, we hear, and TLDH evidently does not agree.
The company also revealed this week that it plans to move its headquarters to Dublin, Ireland, and expects to start hiring more staff and directors in the near future.
Clark Landry, who has been a non-executive director of TLDH for several years, has left the board, TLDH announced.
Caspar von Veltheim, who has been managing some of TLDH’s geographic gTLD bids in Europe, has joined the board as an executive director, the company added.
Verisign defends .com price increases
Verisign has assured investors that it is confident its .com registry agreement is not in jeopardy, after seeing its stock plummet due to uncertainties over the deal.
In a statement yesterday, the company also defended the planned continuation of its price-raising powers.
It emerged last week that the US Department of Commerce is looking into the pricing arrangements of the new .com deal, which ICANN approved back in June.
Commerce has the right — in consultation with the Department of Justice and others — to approve or reject the contract based on its security/stability and pricing terms.
Whatever happens, it’s virtually unthinkable that Verisign will lose the contract. The company said:
While the review process with the Commerce Department may extend beyond Nov. 30, 2012, it could also be concluded by Nov. 30, 2012. In either case, Verisign expects to continue to run the .com registry.
It also said that its ability to increase prices by 7% in four of the six years of the contract is in fact in the public interest, saying in a lengthy statement:
The .com registry has an unequaled record of achievement, with full availability of DNS resolution in .com for more than 15 consecutive years. The economic activity supported by the .com registry is significant by any measure in an environment where the consequences of a failure of even a very short duration or degradation of the Domain Name System (DNS) resolution service, due to either a cyber attack or failure of hardware, software, or personnel, would have significant economic and non-economic impacts to the global economy.
The level of security and stability offered by Verisign is only possible with investments in overcapacity and redundancy, network security, intellectual property (IP) and in human capital: The engineers and employees at Verisign who operate the .com registry and ensure its security and stability. The pricing terms of the .com Registry Agreement enable Verisign to make these investments, develop the necessary IP, know-how and purpose-built systems, respond to new threats to stability as they emerge, and recruit and retain the specialized talent necessary to maintain our network, including dozens of globally distributed constellation sites and data centers in the U.S. and elsewhere.
In essence, Verisign is saying that the security and stability record — which Commerce evidently has already reviewed to its satisfaction — are inextricably linked to its ability to raise prices.
The company’s share price fell 18% in the aftermath of last week’s news, but recovered slightly yesterday — gaining about 11% — after the statement was released.
ICM to intro sponsored search results with $75 credit for registrants
Tearing several chapters out of the Google playbook, ICM Registry is to introduce a sponsored search placement service for .xxx registrants, along with a substantial introductory credit.
The company will give each registrant a $75-per-domain credit against its forthcoming search platform, which in many cases will completely offset the cost of their .xxx domain.
As has been pointed out elsewhere, it’s the AdWords model for porn, following on from the recent launch of search.xxx, which ICM says has already had more than 12 million page views.
The ad system is expected to roll out in “early 2013”, but ICM has launched the credits incentive now in order to get early registrants to renew their domain names.
The vast majority of .xxx’s roughly 140,000 registrations occurred during its first two months of general availability and will be coming up for renewal in December and January.
That said, ICM had said even prior to this announcement that its early renewals were looking promising.
The ad credit will apply to all .xxx domains renewed or registered before January 31, 2013, ICM said in a press release.
The company has long talked about its plans for generating advertising and micropayment-based revenue. Over the long term, selling domains may prove to be a small part of its business.
Demand Media: ignore our Republican gTLD rivals
Demand Media has asked ICANN to “ignore” complaints from the US Republican party about its application for the .republican gTLD.
Last month, the Republican National Committee and the Republican State Leadership Committee submitted comments to ICANN arguing that Demand would be an unsuitable custodian for the gTLD.
Demand is best known for its “unofficial, mediocre and sometimes incorrect” content farms, such as eHow, the letter (pdf) said.
The company should not be allowed to run .republican because it implies endorsement by the Republican party, or some kind of community backing for a non-Community application, the letter said.
This week, Demand has responded, saying it’s nothing but competitive posturing, given that the RSLC has applied for .gop (for “Grand Old Party”, a nickname for the Republicans):
A letter to ICANN from Demand subsidiary and .republican applicant United TLD Holdco, says:
Because the RSLC and RNC have applied for .GOP, an arguably competing string, it is easy to see through these arguments and ignore them as nothing more than an attempt to undermine the credibility of United TLD in order to gain a competitive advantage.
…
By their own admission, RSCL and RNC agree that “.REPUBLICAN has the potential to be a very powerful gTLD.” It is natural then, that they would attempt to discredit United TLD in the hope of eliminating competition for their own string.
The thrust of Demand’s rebuttal is that Republicanism is not an exclusively American movement — other parties around the world use the name — and that it also has generic meaning.
It further argues that the quality of the content Demand provides elsewhere is irrelevant, because the company plans to sell .republican domain names, not produce content there.
Demand has also applied for .democrat, the other major US political party, but did not receive any complaints from the Democratic party during the designated ICANN comment period.
Independent Objector launches web site
The new gTLD program’s Independent Objector has launched his own web site, independently from ICANN.
Alain Pellet is the French international law expert appointed in May to the IO role. The new web site also reveals that one Julien Boissise is assisting him.
The IO’s job is to file Community Objections and Limited Public Interest Objections against new gTLD applications, should the need arise.
In practice, I’d be very surprised to see any of the latter filed during the current application round, but I’d expect to see several Community Objections.
Pellet will file his objections before January 13, according to the web site. That’s the current objection-filing deadline, which ICANN plans to extend to March 13.
US probing Verisign price hikes, .com contract may be extended
The US Departments of Commerce and Justice are investigating the price increase provisions of Verisign’s .com registry agreement.
Verisign CEO Jim Bidzos disclosed the “review” on a conference call with financial analysts tonight.
It is likely that it will last beyond November 30 2012, the date the current .com agreement expires, he said.
“There’s a possibility it will not be complete by November 30,” he said.
A special six-month extension is likely to be triggered, he said.
“The status of our ability to operate .com is not an issue here,” he said.
He declined to comment on questions related to the likelihood that the company would be forced to change its pricing plans.
Verisign has spent $3.9 million in legal and other fees related to the US review, it emerged during the call.
ICANN approved the contract, which gives Verisign the right to increase its .com registry fees by 7% in four of the next six years, in June.
ICANN will see an extra $8 million in revenue from Verisign as a result.
Due to the special nature of .com, Justice and Commerce approval is required before the contract can be renewed. Verisign had previously expected that to come before November 30.
Verisign shares are trading down 14% in after-hours trading following the news.
Only 2% of phishing attacks use cybersquatted domain names
The number of cybersquatted domain names being used for phishing is falling sharply and currently stands at just 2% of attacks, according to the Anti-Phishing Working Group.
The APWG’s first-half 2012 report (pdf) identified 64,204 phishing domains in total.
Of those, the group believes that only 7,712 (12%) were actually registered by the phishers themselves. The rest belonged to innocent third parties and had been compromised.
That’s a steep drop from 12,895 domains in the second half of 2011 and 14,650 in the first half of 2011.
Of the 7,712 phisher-owned domains, about 66% were being use to phish Chinese targets, according to the APWG.
The group’s research found only 1,350 that contained a brand name or a misspelling of a brand name.
That’s down from 2,232 domains in the second-half of 2011, representing just 2% of all phishing domains and 17% of phisher-owned domains.
The report states:
Most maliciously registered domain strings offered nothing to confuse a potential victim. Placing brand names or variations thereof in the domain name itself is not a favored tactic, since brand owners are proactively scanning Internet zone files for such names.
As we have observed in the past, the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do.
Instead, phishers almost always place brand names in subdomains or subdirectories. This puts the misleading string somewhere in the URL, where potential victims may see it and be fooled. Internet users are rarely knowledgeable enough to be able to pick out the “base” or true domain name being used in a URL.
Taken as a percentage of attacks, brand-jacking is clearly a pretty low-occurrence offence, according to the APWG’s numbers.
In absolute numbers, it works out to about 7.5 domain names per day that are being use to phish and contain a variation of the brand name being targeted.
Unsurprisingly, the APWG found that Freedom Registry’s .tk — which offers free registration — is the TLD being abused most often to register domains for phishing attacks.
More than half of the phisher-owned domains were in .tk, according to the report.
Recent Comments