Latest news of the domain name industry

Recent Posts

Thick Whois coming to .com next year, price rise to follow?

Kevin Murphy, October 27, 2016, Domain Registries

Verisign could be running a “thick” Whois database for .com, .net and .jobs by mid-2017, under a new ICANN proposal.

A timetable published this week would see the final three hold-out gTLDs fully move over to the standard thick Whois model by February 2019, with the system live by next August.

Some people believe that Verisign might use the move as an excuse to increase .com prices.

Thick Whois is where the registry stores the full Whois record, containing all registrant contact data, for every domain in their TLD.

The three Verisign TLDs currently have “thin” Whois databases, which only store information about domain creation dates, the sponsoring registrar and name servers.

The model dates back to when the registry and registrar businesses of Verisign’s predecessor, Network Solutions, were broken up at the end of the last century.

But it’s been ICANN consensus policy for about three years for Verisign to eventually switch to a thick model.

Finally, ICANN has published for public comment its anticipated schedule (pdf) for this to happen.

Under the proposal, Verisign would have to start offering registrars the ability to put domains in its thick Whois by August 1 2017, both live via EPP and in bulk.

It would not become obligatory for registrars to submit thick Whois for all newly registered domains until May 1, 2018.

They’d have until February 1, 2019 to bulk-migrate all existing Whois records over to the new system.

Thick Whois in .com has been controversial for a number of reasons.

Some registrars have expressed dissatisfaction with the idea of migrating part of their customer relationship to Verisign. Others have had concerns that local data protection laws may prevent them moving data in bulk overseas.

The new proposal includes a carve-out that would let registrars request an exemption from the requirements if they can show it would conflict with local laws, which holds the potential to make a mockery out of the entire endeavor.

Some observers also believe that Verisign may use the expense of building and operating the new Whois system as an excuse to trigger talks with ICANN about increasing the price of .com from its current, frozen level.

Under its .com contract, Verisign can ICANN ask for a fee increase “due to the imposition of any new Consensus Policy”, which is exactly what the move to thick Whois is.

Whether it would choose to exercise this right is another question — .com is a staggeringly profitable cash-printing machine and this Whois is not likely to be that expensive, relatively speaking.

The proposed implementation timetable is open for public comment until December 15.

Radix acquires .fun gTLD from Warren Buffett

Kevin Murphy, October 25, 2016, Domain Registries

New gTLD portfolio player Radix has acquired the pre-launch TLD .fun from its original owner.

The company took over the .fun Registry Agreement from Oriental Trading Company on October 4, according to ICANN records.

Oriental is a party supplies company owned by Warren Buffett’s Berkshire Hathaway.

It won .fun in a private auction in April last year, beating off Google and .buzz operator DotStrategy.

It had planned to run it as a “closed generic” — keeping all the domains in .fun for itself — but those plans appeared to have been shelved by the time it signed its RA in January this year.

Evidently Oriental’s heart was not in it, and Radix made an offer for the string it found more attractive.

Radix business head Sandeep Ramchandani confirmed to DI today that .fun will be operated in a completely unrestricted manner, the same as its other gTLDs.

It will be Radix’s first three-letter gTLD, Ramchandani said. It already runs zones such as .online, .site and .space.

.fun is not yet delegated, but Radix is hoping for a December sunrise period, he said.

Uniregistry says it was unaffected by mother of all DDoS attacks

Kevin Murphy, October 25, 2016, Domain Registries

Almost 50 top-level domains were believed to be exposed to the massive distributed denial-of-service attack that hit Dyn on Friday, but the largest of the bunch said it managed to stay online throughout.

As has been widely reported in the mainstream and tech media over the last few days, DNS service provider Dyn got whacked by one of the biggest pieces of DDoS vandalism in the internet’s brief history.

Dyn customers including Netflix, Twitter, Spotify, PayPal and Reddit were reportedly largely inaccessible for many US-based internet users over the space of three waves of attack over about 12 hours.

The company said in a statement that the Mirai botnet was likely the attackers’ tool of choice.

It said that “10s of millions” of unique IP addresses were involved.

It has since emerged that many of the bots were actually installed on webcams secured with easily-guessable default passwords. XiongMai, a Chinese webcam manufacturer, has issued a recall.

In terms of the domain registry business, only about 50 TLDs use Dyn’s DynTLD service for DNS resolution, according to IANA records.

About half of these are tiny ccTLDs. They other half are Uniregistry’s portfolio of new gTLDs, including the like of .link, .car and .photo.

Uniregistry CEO Frank Schilling told DI that the Uniregistry TLDs did not go down as a result of the attack, pointing out that the company also uses its own in-house DNS.

“We like Dyn and think they have a great product but we did not go down because we also run our own DNS,” he said. “If we relied on them exclusively we would have gone down, but that is why we don’t do that.”

Big brands condemn “fraudulent” .feedback gTLD in ICANN complaint

Kevin Murphy, October 25, 2016, Domain Registries

Top Level Spectrum has been accused today of running the gTLD .feedback in a “fraudulent and deceptive” manner.

Over a dozen famous brands, corralled by corporate registrar MarkMonitor, today formally complained to ICANN that .feedback is a “complete sham”.

They reckon that the majority of .feedback domains belong to entities connected to the registry, violate trademarks, and have been stuffed with bogus and plagiarized reviews.

TLS denies any involvement.

MarkMonitor clients Adobe, American Apparel, Best Buy, Facebook, Levi and Verizon are among those that today filed a Public Interest Commitments Dispute Resolution Policy complaint with ICANN.

PICDRP is the mechanism third parties can use to complain about new gTLD registries they believe are in breach of the Public Interest Commitments found in their registry contracts.

The 50-page complaint (pdf), which comes with hundreds of pages of supporting documentation spread over 36 exhibits, purports to show TLS engaging in an “escalating pattern of discriminatory, fraudulent and deceptive registry misconduct”.

While the allegations of wrongdoing are fairly broad, the most interesting appears to be the claim that TLS quietly registered thousands of .feedback names matching trademarks to itself and then filled them with reviews either ripped off from Yelp! or supplied by overseas freelancers working for pennies.

TLS denies that it did any of this.

The .feedback registry is closely tied to the affiliated entity Feedback SAAS, which offers a hosted social platform for product/company reviews. Pricing for .feedback domains is dependent on whether registrants use this service or not.

The complaint states:

the overwhelming majority of domain names registered and activated within the .FEEDBACK TLD — over seventy percent (70%) — are currently owned and operated by Respondent [TLS], and parties working in concert with Respondent

Respondent has solicited and paid numerous third parties, including professional freelance writers who offer to post a set number of words for a fee, to write fabricated reviews regarding Complainants’ products and services.

These ostensibly independent reviews from ordinary consumers are intended to give the appearance of legitimate commentary within .FEEDBACK sites, when, in fact, the reviews are a complete sham.

An investigation carried out by MarkMonitor (pdf) showed that of the 2,787 .feedback domains registered up to July 31, 73% were registered to just five registrants.

The top registrant, Liberty Domains LLC of Las Vegas, owned 47% of these domains.

MarkMonitor believes this company (which it said does not show up in Nevada company records) and fourth-biggest registrant Core Domains LLC (based at the same Vegas mail forwarding service) are merely fronts for TLS, though it has no smoking gun proving this connection.

TLS CEO Jay Westerdal denies the company is affiliated with Liberty.

The MarkMonitor investigation counted 27,573 reviews on these sites, but 22% of them purported have been written prior to the date the domain was registered, in some cases by years.

The company reckons hundreds of reviews can be traced to five freelance writers who responded to February job ads looking for people who could write and post 10 150-word reviews per hour.

Other reviews appear to have been copied wholesale from Yelp! (this can be easily verified by visiting almost any .feedback site and searching for exact-match content on Google).

Westerdal told DI last week that registrants can use an API to import reviews.

The brands’ complaint goes on to criticize TLS for its Free.feedback offering, a very odd, bare-bones web site which seems to offer free .feedback domains.

When you type a domain or email address into the form on Free.feedback, it offers to give you the equivalent .feedback domain for free, automatically populating a second form with the Whois record of the original domain.

According to the complaint, after somebody registers a free .feedback domain, Feedback SAAS starts contacting the person listed in the Whois about their “free trial registration” regardless of whether they were actually the person who signed up the the domain. The complaint states:

Complainants and multiple other trademark owners who received such email notifications from Feedback SAAS and TLS registrars never visited the FREE.FEEDBACK website, and they never requested a free trial registration in the .FEEDBACK TLD

I’ve been unable to fully replicate this experience in attempts to test Free.feedback.

The complaint alleges multiple breaches of the PICs in the .feedback ICANN Registry Agreement.

The brands want ICANN Compliance to conduct a thorough investigation of .feedback, for all Free.feedback domains with phony Whois to be terminated, and for affected trademark owners to get refunds. They also want their legal costs paid by TLS.

ICANN does not typically publish the outcome of PICDRP complaints. Indeed, this is only the second one I’m aware of. It’s difficult to judge what MarkMonitor’s posse’s chances of success are.

Google could shake up the registry market with new open-source Nomulus platform

Kevin Murphy, October 19, 2016, Domain Registries

Google has muscled in to the registry service provider market with the launch of Nomulus, an open-source TLD back-end platform.

The new offering appears to be tightly integrated with Google’s various cloud services, challenging long-held registry pricing conventions.

There are already indications that at least one of the gTLD market’s biggest players could be considering a move to the service.

Donuts revealed yesterday it has been helping Google with Nomulus since early 2015, suggesting a shift away from long-time back-end partner Rightside could be on the cards.

Nomulus, which is currently in use at Google Registry’s handful of early-stage gTLDs, takes care of most of the core registry functions required by ICANN, Google said.

It’s a shared registration system based on the EPP standard, able to handle all the elements of the domain registration lifecycle.

Donuts contributed code enabling features it uses in its own 200-ish gTLDs, such as pricing tiers, the Early Access Period and Domain Protected Marks List.

Nomulus handles Whois and likely successor protocol RDAP (Registration Data Access Protocol).

For DNS resolution, it comes with a plug-in to make TLDs work on the Google Cloud DNS service. Users will also be able to write code to use alternative DNS providers.

There’s also software to handle daily data escrow to a third-party provider, another ICANN-mandated essential.

But Nomulus lacks critical features such as billing and fully ICANN-compliant reporting, according to documentation.

So will anyone actually use this? And if so, who?

It’s too early to say for sure, but Donuts certainly seems keen. In a blog post, CEO Paul Stahura wrote:

As the world’s largest operator of new TLDs, Donuts must continually explore compelling technologies and ensure our back-end operations are cost-efficient and flexible… Google has a phenomenal record of stability, an almost peerless engineering team, endless computing resources and global scale. These are additional potential benefits for us and others who may contribute to or utilize the system. We have been happy to evaluate and contribute to this open source project over the past 20 months because this platform provides Donuts with an alternative back-end with significant benefits.

In a roundabout way, Donuts is essentially saying that Nomulus could work out cheaper than its current back-end, Rightside.

The biggest change heralded by Nomulus is certainly pricing.

For as long as there has been a competitive market for back-end domain registry services, pricing has been on a per-domain basis.

While pricing and model vary by provider and customer, registry operators typically pay their RSPs a flat fee and a buck or two for each domain they have under management.

Pricing for dot-brands, where DUM typically comes in at under 100 today, is believed to be weighted much more towards the flat-fee service charge element.

But that’s not how Nomulus is to be paid for.

While the software is open source and free, it’s designed to run on Google’s cloud hosting services, where users are billed on the fly according to their usage of resources such as storage and bandwidth consumed.

For example, the Google Cloud Datastore, the company’s database service that Nomulus uses to store registration and Whois records, charges are $0.18 per gigabyte of storage per month.

For a small TLD, such as a dot-brand, one imagines that storage costs could be reduced substantially.

However, Nomulus is not exactly a fire-and-forget solution.

There is no Google registry service with customer support reps and such, at least not yet. Nomulus users are responsible for building and maintaining their registry like they would any other hosted application.

So the potentially lower service costs would have to be balanced against potentially higher staffing costs.

My hunch based on the limited available information is that for a dot-brand or a small niche TLD operating on a skeleton crew that may lack technical expertise, moving to Nomulus could be a false economy.

With this in mind, Google may have just created a whole new market for middleman RSPs — TLD management companies that can offer small TLDs a single point of contact for technical expertise and support but don’t need to build out and own their own expensive infrastructure.

The barrier to entry to the RSP market may have just dropped like a rock, in other words.

And Nomulus may work out more attractive to larger TLD operators such as Donuts, with existing teams of geeks, that can take advantage of Google’s economies of scale.

Don’t expect any huge changes overnight though. Migrating between back-ends is not an easy or cheap feat.

As well as ICANN costs, and data migration and software costs, there’s also the non-trivial matter of shepherding a horde of registrars over to the new platform.

How much impact Nomulus will have on the market remains to be seen, but it has certainly given the industry something to think about.