Police .uk domain takedowns dive in 2023
The number of .uk domain names taken down as a result of requests from law enforcement shrank substantially last year, according to the latest stats from Nominet.
The registry said today that it suspended 1,193 domains in the 12 months to October 31, down from 2,106 in the previous period. It’s a record low since Nominet started tracking the data, for the second year in a row.
As usual, alleged intellectual property violations were the biggest cause of action. The Police Intellectual Property Crime Unit had 717 names taken down, with the National Fraud Intelligence Bureau suspending 321 and the Financial Conduct Authority 116.
While police takedowns were low, domains suspended by Nominet’s proactive Domain Watch anti-phishing technology were up about 20%, from 5,005 to 5,911. Nominet said this is because the tech, which flags possible phishing domains for human review at point of registration, is getting better.
The number of domains suspended because they appeared on threat feeds doubled, from 1,108 in the 2022 period to 2,230 last year, the company said.
Cybersquatting cases in .uk have also been declining, Nominet reported earlier this month.
While correlation does not equal causation, it might be worth noting that .uk registrations overall have been on the decline for some time. There were 10.68 million .uk domains at the end of January, down from 11.04 million a year earlier.
GoDaddy wants to cut the bullshit from .xxx
GoDaddy Registry wants to drop a big chunk of nonsense from the contract governing its .xxx domain, some 20 years after it was applied for as a “Sponsored” gTLD.
It’s asked ICANN if it can kill off its sponsor, the International Foundation For Online Responsibility, and sign up to something closer to the Base New gTLD Registry Agreement, the contract that all new gTLDs from the 2012 application round are on.
GoDaddy’s .porn, .adult and .sex gTLDs have been on a non-sponsored contract for a decade to no complaint, though they haven’t sold nearly as many domains as .xxx.
IFFOR’s board, the IFFOR Ombudsman, and .xxx registrants polled by GoDaddy all agree that the “sponsored” classification is no longer needed, GoDaddy VP Nicolai Bezsonoff told ICANN VP Russ Weinstein (pdf).
The registry wants ICANN to put out a non-sponsored version of the .xxx contract out for public comment.
It looks like a fait accompli. GoDaddy and ICANN have been negotiating the renewal of the .xxx contract, which was due to expire in 2021, for at least three years. It’s difficult to imagine a scenario in which the two parties have not already agreed terms.
Nobody who doesn’t get paid by IFFOR will miss IFFOR. For 20 years it’s been the domain industry’s least-convincing merkin, existing entirely to give original .xxx manager ICM Registry (and then MMX, then GoDaddy, following industry consolidation) the illusion that it had community support for selling porn domains.
ICM created IFFOR when it applied for .xxx in 2003 during ICANN’s well-intentioned but poorly considered and ill-fated “sponsored TLD” round, where applicants had to show they had support from a community related to their chosen string.
Because the porn industry, particularly in the US, hated the idea of a .xxx domain — erroneously believing governments would force all porn sites into it and then shut it down — ICM was forced to pull a community out of its backside. And thence IFFOR was born.
IFFOR was designed to be a mini-ICANN. It was to have a board, policy-making committees, an ombudsman, oversight, transparency, etc. Its foundational documents (pdf), list 14 obligations, most of which were never fulfilled to any meaningful extent.
Judging by its web site, it’s never made a single policy since it was formed in 2011. But we can’t be sure, because the web site has been poorly maintained (a breach of the first of its original 14 commitments), with no board minutes published for the last six years (despite employing a full-time staffer on a $60,000 salary who, tax forms say, works 40 hours a week).
It did come up with something called a “Policy Engine” for new gTLD registries around the time of the 2012 round, but discontinued it a year later when nobody wanted it.
IFFOR, a not-for-profit registered in California, was supposed to receive $10 from ICM for every registered, resolving .xxx domain and use a portion of that to issue grants to worthy causes related to its mission — child protection, free speech, and so on.
While IFFOR did announce two $5,000 awards in 2013, its tax filings have not reported a single penny spent on grants since 2011. Nada.
IFFOR’s charter seems to have been renegotiated behind the scenes at some point, when .xxx turned out to not be quite the internet cash machine its founders had hoped for. From 2011 to 2014 it was rolling in cash — getting over $1 million from ICM in 2013 — but from 2016 it’s been receiving a flat $100,000 a year, most of which is spent on director salaries.
At around the same time, instead of issuing cash grants, IFFOR started producing an “educational program” for UK schools called AtFirstSite. Aimed at 11 to 14-year-olds, it covers topics such as sexting, dick pics and online pornography, with a clear emphasis on keeping young teens safe online.
AtFirstSite carried a price tag of £150, but the revenue lines on tax forms since 2016 suggest none were ever sold. Instead, the program was given for free to schools that asked for it and this was called a “grant”, to satisfy IFFOR’s grant-giving mandate.
The program — which consists of a PDF and a PowerPoint presentation — is now free, and can be downloaded here , if you want to bemuse an 11-year-old with a reference to Rihanna and Chris Brown’s destructive relationship, which ended before they were born.
Closing IFFOR is not going to cause anyone to lose any sleep, but it will nevertheless be interesting to see whether anyone objects to .xxx losing its “sponsored TLD” status when ICANN opens the contract to public comment.
UK gov takes its lead from ICANN on DNS abuse
The UK government has set out how it intends to regulate UK-related top-level domain registries, and it’s taken its lead mostly from existing ICANN policies.
The Department for Science, Innovation and Technology said last year that it was to activate the parts of the Digital Economy Act of 2010 that allow it to seize control of TLDs such as .uk, .london, .scot, .wales and .cymru, should those registries fail to tackle abuse in future.
It ran a public consultation that attracted a few dozen responses, but has seemingly decided to stick to its original definitions of abuse and cybersquatting, which were cooked up with .uk registry Nominet and others and closely align to industry norms.
DSIT plans to define abuse in the same five categories as ICANN does — phishing, pharming, botnets, malware and vector spam (spam that is used to serve up the first four types of attack) — in its response to the consultation, published yesterday (pdf).
But it’s stronger on child sexual abuse material than ICANN. While registries and registrars have developed a “Framework to Address Abuse” that says they “should” take down domains publishing CSAM, ICANN itself has no contractual prohibitions on such content.
DSIT said it will require UK-related registries to have “adequate policies and procedures” to combat CSAM in their zones. The definition of CSAM follows existing UK law in being broader than elsewhere in the world, including artworks such as cartoons and manga where no real children are harmed.
DSIT said it will define cybersquatting as “the pre-emptive, bad faith registration of trade marks as domain names by third parties who do not possess rights in such names”. The definition omits the “and is being used in bad faith” terminology used in ICANN’s UDRP. DSIT’s definition includes typosquatting.
In response to the new document, Nominet tweeted:
The response highlights that Government recognises the work registries already do to support law enforcement agencies prevent the registration of domains to carry out illegal activity and "expect the existing voluntary arrangements to be used as the first port of call".
— Nominet (@Nominet) February 23, 2024
DSIT said it will draft its regulations “over the coming months”.
.art takes a million domains off its premium list
UK Creative Ideas, the .art gTLD registry, is removing premium pricing from over a million domain names and slashing the premium pricing on others.
The company said today that most of the names losing their premium tag were on the lowest pricing tier, which is $70 wholesale a year. I believe the standard wholesale fee they will be moving to is $12 a year. Retail registrars will of course add their markups on their storefronts.
The registry said it’s “also moving a number of names from some higher premium tiers to lower priced premium tiers”.
The price changes, which come into effect February 21, are designed to make .art more attractive to both end users and domain investors, the company said.
.art had almost a quarter of a million domains under management at the last count. Not relying on cheapo registrations, it has one of the least lumpy growth trajectories of any 2012-round new gTLD, having a reliably steady incline pretty much since its 2017 launch.
Its top registrars are Namecheap, GoDaddy, Tucows and SquareSpace (formerly Google) in North America and Alibaba in China.
Freenom settles $500 million Meta lawsuit and will exit domain business
Facebook has claimed another domain industry scalp. Freenom said this week it has settled the cybersquatting lawsuit filed against it by Meta last year, and that it is getting out of the domain name business.
The registry/registrar said in a brief February 12 statement (pdf) that it will pay Meta an undisclosed sum and has “independently decided to exit the domain name business”.
Just how “independent” that decision was is debatable. The company lost its ICANN registrar accreditation last year and is believed to have lost its government contracts to run the ccTLDs for Equatorial Guinea, Central African Republic, Mali, Gabon, and possibly also Tokelau, its flagship .tk domain.
Meta had claimed in its complaint that Freenom had typosquatted its trademarks thousands of times, including domains such as faceb00k.ga. It sued for 5,000 counts under US anti-cybersquatting law, seeking $100,000 for each infringement, for a cool half-billion bucks in total.
Freenom and its network of co-defendant affiliates said in their defense that Meta had access to an abuse API that allowed it to turn off such domains, but had never used it. It also claimed many of the cited typosquats had already been shut down by the time the suit was filed.
It seems the names in question were likely those registered by abusive third-parties that were reclaimed and monetized by Freenom under its widely criticized free-domains business model, which made its TLDs some of the world’s most-abused.
But the claims on both sides evidently will not be tested at trial. The last court filing, dated late December, showed the two parties were to enter mediation, and Freenom put out the following statement this week:
Freenom today announced it has resolved the lawsuit brought by Meta Platforms, Inc. on confidential monetary and business Terms. Freenom recognizes Meta’s legitimate interest in enforcing its intellectual property rights and protecting its users from fraud and abuse.
Freenom and its related companies have also independently decided to exit the domain name business, including the operation of registries. While Freenom winds down its domain name business, Freenom will treat the Meta family of companies as a trusted notifier and will also implement a block list to address future phishing, DNS abuse, and cybersquatting.
Meta said in its Q4 Adversarial Threat Report this week that the settlement showed its approach to tackling DNS abuse is working.
Freenom’s gTLD domains have been transferred to Gandi. It’s less clear what’s happening to its ccTLD names, though social media chatter this week suggests the company has been giving registrants in affected ccTLDs nine-year renewals at no cost.
Domain universe grows on new gTLDs despite .com shrinkage
The number of domain names on the internet grew by about 600,000 during the fourth quarter of 2023, despite the drag caused by shrinkage in .com and .net, according to Verisign’s latest Domain Name Industry Brief.
There were 359.8 million registered domains at the end of the year across all TLDs, a 0.2% increase over September, the latest DNIB says.
The growth was hampered by declines in Verisign’s own flagship gTLDs, which were down by 1.2 million names over Q3 and a million names year-over year. Verisign blamed softness in China for the declines during its Q4 earnings call last week.
New gTLD reg volume picked up most of the slack, growing by 1.6 million or 5.3% over Q3, and 4.4 million or 15.9% over 2022. This seems to have been largely driven by six-figure increases at a handful of low-cost gTLDs coupled with smaller increases across the board.
ccTLDs grew more modestly, up about 200,000 names or 0.2% quarter over quarter and 5.3 million names, 4%, year over year. There were 138.3 million ccTLD domains at the end of the year. Growth seems to have been tempered by six-figure declines in the likes of .uk and .ru.
Registry service provider evaluation handbook published
ICANN has released the first draft of its RSP Handbook, the guidelines and questionnaire for registry service providers that want to get pre-approved by the Org ahead of the next new gTLD application round.
The Handbook is aimed at the few dozen companies that offer back-end services to gTLD registries — companies such as GoDaddy, Identity Digital and CentralNic — to guide them through the process of getting approved under the new Registry Service Provider Evaluation Program.
The program was called for by the GNSO community in order to minimize the amount of time-consuming, expensive evaluation work required for each new gTLD application. If a gTLD applicant’s selected RSP has been pre-approved by ICANN, it’s an automatic pass on the technical part of the application.
The new Handbook 1.0 envisages four types of RSP. A “Main RSP” is a full-service provider that looks after all technical aspects of a registry back-end. There are also categories for companies that provide DNS resolution only and DNSSEC services.
A fourth type, the “Proxy RSP”, is aimed primarily at companies that provide secondary registry services in countries that have very restrictive domain licensing rules. That basically means China, and proxies such as ZDNS.
Incumbent gTLD RSPs have a distinct advantage in the Handbook process. If they’re in good standing with ICANN and have complied with their service level agreements for the last six months, they can skip the second, technical part of the evaluation.
Incumbents also get a streamlined process for additional registry services — stuff like name-blocking and registry locks — they wish to offer. If they already offer them in an existing gTLD, they get to skip the full Registry Services Evaluation Process.
The Handbook is a first draft and does not currently include things like fees and dates. It’s not yet open for public comment but you can read the 108-page PDF here.
ICANN expects to launch the pre-evaluation program 18 months before it starts accepting new gTLD applications, so applicants have a list of approved RSPs to choose from. With a Q2 2026 target date for the next application window, that means the RSP program could launch later this year.
WebUnited inks deal to “mirror” country’s TLD in the blockchain
Blockchain domains startup WebUnited says it has signed up its first registry client to a service that allows domain names to be “mirrored” on a blockchain naming service.
The company has inked a deal with Global Domains International, the registry for Samoa’s .ws ccTLD (sometimes marketed as a generic for “web site”), that will let its registrars up-sell matching .ws names on the Polygon blockchain.
WebUnited, a Swiss-based joint venture of domain registry ShortDot and “Web3” naming player Freename, says registrants will be able to use their mirrored .ws names to address cryptocurrency wallets, for example.
The company essentially acts as a registry service provider for its registry clients in much the same way as regular RSPs do now, except instead of putting domains into EPP databases and the consensus DNS, it adds them to a blockchain.
Registrars that choose to sign up to the service will use an “EPP-like” API to access the registry, ShortDot COO Kevin Kopas said. He expects .ws to charge about five bucks a year for the blockchain add-on domains.
Kopas said WebUnited is also mirroring policies found in regular domain names, so if somebody loses their domain in a UDRP case, for example, they also lose their matching blockchain name.
After .ws, ShortDot’s own TLDs — .bond, .sbs, .icu, .cyou and .cfd — are also expected to offer the mirroring service. Because these are gTLDs governed by ICANN contracts, ShortDot first has to go through the Registry Service Evaluation Process for approval.
Kopas said that once ShortDot has completed its RSEP it will be able to supply gTLD clients with template language to get their own RSEPs approved. He said WebUnited has a pipeline of potential ccTLD and gTLD registries that have expressed an interest in the service.
.com is shrinking but Verisign raises prices again anyway
Verisign has confirmed that it plans to exercise its fourth and final .com price-increasing power under its current registry contract, even as its domains under management continues to head south.
The company confirmed last night that it will increase the annual registration and renewal wholesale fee for a .com domain from $9.59 to $10.26 on September 1 this year. It’s the last of the four times it’s allowed to raise prices by up to 7% in its current contract with ICANN, which expires in November.
The news came as Verisign reported its fourth-quarter and full-year 2023 financial results, which were as profitable as we’ve come to expect.
But in terms of domains under management, .com and .net continued to decline, which CEO Jim Bidzos told analysts was all China’s fault. Domains managed by Chinese registrars shrank by 2.2 million in Q4, leading to an overall .com/.net shrinkage of 1.2 million names.
There were nine million new .com/.net registrations in Q4, down from 9.7 million in the same quarter in 2022.
Bidzos said the decline in China was due to factors such as stricter local regulations and a weaker economy, and said he expects those challenges to continue to hit Verisign’s numbers in 2024. He did not blamed higher prices for the drop.
Indeed, the .com zone file has been shrinking by about 1,500 domains per day on average since the start of the year. Zone numbers are usually a reliable predictor of DUM trends.
Revenue from China was down about $14.4 million, CFO George Kilguss said.
Bidzos said Verisign expects its DUM to be flat this year, with a possible 1% swing either way.
For Q4, the company reported revenue up 3% year over year at $380 million, with $265 million net income, up from $179 million a year earlier.
For the whole of 2023, revenue was up 4.8% at $1.49 billion and net income was $818 million, up from $674 million in 2022.
UK cybersquatting complaints hit record low
There were fewer cybersquatting complaints filed against .uk domain holders in 2023 than in any other year since Nominet started reporting its annual stats, according to the latest annual Nominet DRS report.
There were just 511 complaints filed last year, down from 568 in 2022, according to the latest report. That’s the lowest number for at least the last 14 years Nominet has been reporting its annual DRS stats. The highest number was 728, in 2015.
Just 48% of cases resulted in a domain being transferred to the complainant (compare to the 82% WIPO reported for its UDRP cases in 2023), up from 43% in 2022, Nominet said.
The number of disputed domains was 680, down from 745 in 2022, but the number of domains in .uk complained about rocketed from 26 to 122, the second-highest level since Nominet opened the second level for direct registrations a decade ago.
The number of disputed .co.uk domains was down from 686 in 2022 to 538 in 2023.
The decline in cybersquatting complaints come as .uk as a whole continues to shrink. The second and third levels combined lost a net 366,778 domains in 2023, ending December at 10,732,479 domains, according to Nominet stats.
Recent Comments