Latest news of the domain name industry

Recent Posts

Nominet gets new chair

.uk registry Nominet has appointed a new chair from the world of news media.

Mark Wood will replace outgoing chair Rennie Fritchie on April 28, the company said yesterday.

Wood is formerly a director of Reuters and chair/CEO of the UK television news company ITN. He’s also on the board of CityWire and the advisory board of PwC.

Baroness Fritchie has chaired Nominet for seven years.

Verisign report deletes millions of domains from history

Verisign has dramatically slashed its estimates for the number of domains in existence in its quarterly Domain Name Industry Brief reports, two of which were published this week.

The headline number for the end of the fourth quarter is 329.3 million, a 0.7% increase sequentially and a 6.8% increase annually.

But it’s actually a lower number than Verisign reported in its second-quarter report just five months ago, which was 334.6 million.

The big swinger, as you may have guessed if you track this kind of thing, was .tk, the Freenom ccTLD where names are given away for free and then reclaimed and parked by the registry when they are deleted for abuse expire.

It seems a change in the way .tk is counted (or estimated) is the cause of the dip.

Verisign gets its gTLD data for the report from ICANN-published zone files and its ccTLD data from independent researcher Zooknic.

Problem is, Zook hasn’t had up-to-date data on .tk for a couple of years, so every DNIB published since then has been based on its December 2014 numbers.

But with the Q3 report (pdf), Zook revised its .tk estimates down by about six million names.

In earlier reports, the ccTLD was being reported at about 25 million names (exact numbers were not given), but now that’s been slashed to 18.7 million, relegating it to the second-largest ccTLD after China’s .cn, which has 21.1 million.

I’ve asked Freenom to confirm the latest numbers are correct and will update this post if I get a response.

Verisign does not say what caused the decision to scale down .tk’s numbers, but explains what happened like this:

In Q3 2016, Zooknic reported a significant decline in the .tk zone and restated the estimated zone size of .tk for each quarter from Q4 2014 through Q3 2016 using a proprietary methodology. As a result, for comparative purposes of this DNIB to the Q3 2016 DNIB and the Q4 2015 DNIB, Verisign has applied an updated estimate of the total zone size across all TLDs for Q3 2016 of 327.0 million and Q4 2015 of 307.7 million and an updated estimate of the total ccTLD zone size for Q3 2016 of 140.1 million and Q4 2015 of 138.1 million.

Apples-to-apples comparisons in the Q4 report show the ccTLD universe was up to 142.7 million names, a 1.8% sequential increase and up 3.1% on 2015. Excluding .tk, annual growth was 6.9%.

Verisign’s own .com and .net combined grew 1.7% to 142.2 million names at the end of the year, one percentage point smaller than their 2015 growth.

The full Q4 report can be read here (pdf).

India’s biggest bank switches to dot-brand

Kevin Murphy, February 22, 2017, Domain Registries

State Bank of India has announced plans to migrate all of its web sites to its new dot-brand gTLD.

The company has been responsible for .sbi since it was delegated by ICANN last April, but bank.sbi is its first live domain name.

Currently, while bank.sbi is live and resolving, the old domain sbi.co.in appears to still be its primary address.

However, SBI said “all of the bank’s internet presence… shall soon be migrated to the .sbi gTLD”.

There will be a period of crossover while customers get used to the change, it said in a press release.

The bank said: “a gTLD site like .sbi conveys an assurance to the customer that the site is authorised, genuine and is not an inappropriate or phishing site”.

The move is perhaps significant given that SBI is state-owned, and one might expect some level of nationalism when it comes to domain choice.

But SBI, India’s largest bank with $490 billion in assets under management, is not the first bank to say it plans to use its dot-brand as its primary TLD.

BNP Paribas, the world’s biggest non-Chinese bank, uses .bnpparibas for almost everything, particularly in its native France. It has three domains in the Alexa top 100,000 most-visited web sites.

Others with dot-brands in use include Barclays and Citi.

Activist investor says eNom was sold too cheap

Kevin Murphy, February 20, 2017, Domain Registries

J Carlo Cannell, the activist investor who has been circling Rightside for the last year or so, was unimpressed with the company’s recent sale of eNom to Tucows.

In a letter published as a Securities and Exchange Commission filing last week, Cannell announced that he has started up a support group for fellow “concerned” investors.

In the distinctly loveless Valentine’s Day missive, Cannell called for Rightside to be acquired, go private or issue a big dividend to investors, and said he intends to campaign to have the board of directors replaced.

On the eNom sale, Cannell wrote that the $76.7 million deal “marks a step in the right direction” for the company, but that he was “not satisfied” with the price or the $4 million legal fees accrued. He wrote:

Conversations with management suggest that the Company took only two months to evaluate and close the transaction. Perhaps if they had been more patient and diligent, shareholders would have enjoyed more than the 0.5x 2016 revenues which they received in this “shotgun sale”.

This price was a fraction of Tucows’ own valuation of 2.6x 2016 estimated revenue. For the two trading sessions following the eNom transaction, NAME traded up 10% while TCX was up 32%, suggesting that investors believe it was a better deal for TCX shareholders than NAME shareholders.

The deal was described at the time by Tucows’ CEO Elliot Noss as an “individual opportunistic transaction”.

Noss later told analysts that the eNom business was floundering, “a flat, potentially even slightly negative-growth business”.

Cannell said last week he has formed Save NAME Group, named after Rightside’s ticker symbol, as a means to exert pressure on the board.

He said it is currently “difficult to justify” the company remaining publicly listed, and that the “sale of the entire company” or a “special and substantial dividend” could help appease shareholders.

He said Rightside agreed last August to let him name a new director, but has dragged its feet approving his suggestion, adding:

SNG intends to become more active and vocal in its efforts to force change at NAME. SNG has compiled a slate of qualified candidates. The names and identity of these candidates shall be disclosed periodically together with other neutral and reliable facts to support the contention of SNG that some or all of the board of NAME needs to be replaced.

Cannell, who owns about 9% of Rightside, first emerged as a critic of the company a year ago.

At that time, he called for the company to ditch its “garbage” new gTLD registries in favor of a focus on its higher-margin eNom business.

He was supported by Uniregistry CEO Frank Schilling, then also a Rightside investor in addition to a competitor.

Phishing in new gTLDs up 1,000% but .com still the worst

Kevin Murphy, February 20, 2017, Domain Registries

The .com domain is still the runaway leader TLD for phishing, with new gTLDs still being used for a tiny minority of attacks, according to new research.

.com domains accounted for 51% of all phishing in 2016, despite only having 48% of the domains in the “general population”, according to the 2017 Phishing Trends & Intelligence Report
from security outfit PhishLabs.

But new gTLDs accounted for just 2% of attacks, despite separate research showing they have about 8% of the market.

New gTLDs saw a 1,000% increase in attacks on 2015, the report states.

The statistics are based on PhishLabs’ analysis of nearly one million phishing sites discovered over the course of the year and include domains that have been compromised, rather than registered, by attackers.

The company said:

Although the .COM top-level domain (TLD) was associated with more than half of all phishing sites in 2016, new generic TLDs are becoming a more popular option for phishing because they are low cost and can be used to create convincing phishing domains.

There are a few reasons new gTLDs are gaining traction in the phishing ecosystem. For one, some new gTLDs are incredibly cheap to register and may be an inexpensive option for phishers who want to have more control over their infrastructure than they would with a compromised website. Secondly, phishers can use some of the newly developed gTLDs to create websites that appear to be more legitimate to potential victims.

Indeed, the cheapest new gTLDs are among the worst for phishing — .top, .xyz, .online, .club, .website, .link, .space, .site, .win and .support — according to the report.

But the numbers show that new gTLDs are significantly under-represented in phishing attacks.

According to separate research from CENTR, there were 309.4 million domains in existence at the end of 2016, of which about 25 million (8%) were new gTLDs.

Yet PhishLabs reports that new gTLD domains were used for only about 2% of attacks.

CENTR statistics have .com with a 40% share of the global domain market, with PhishLabs saying that .com is used in 51% of attacks.

The difference in the market share statistics between the two sets of research is likely due to the fact that CENTR excludes .tk from its numbers.

Again, because PhishLabs counts hacked sites — in fact it says the “vast majority” were hacked — we should probably exercise caution before attributing blame to registries.

But PhishLabs said in its report:

When we see a TLD that is over-represented among phishing sites compared to the general population, it may be an indication that it is more apt to being used by phishers to maliciously register domains for the purposes of hosting phishing content. Some TLDs that met these criteria in 2016 included .COM, .BR, .CL, .TK, .CF, .ML, and .VE.

By far the worst ccTLD for phishing was Brazil’s .br, with 6% of the total, according to the report.

Also notable were .uk, .ru, .au, .pl, and .in, each with about 2% of the total, PhishLabs said.