Latest news of the domain name industry

Recent Posts

Radix acquires .fun gTLD from Warren Buffett

Kevin Murphy, October 25, 2016, Domain Registries

New gTLD portfolio player Radix has acquired the pre-launch TLD .fun from its original owner.

The company took over the .fun Registry Agreement from Oriental Trading Company on October 4, according to ICANN records.

Oriental is a party supplies company owned by Warren Buffett’s Berkshire Hathaway.

It won .fun in a private auction in April last year, beating off Google and .buzz operator DotStrategy.

It had planned to run it as a “closed generic” — keeping all the domains in .fun for itself — but those plans appeared to have been shelved by the time it signed its RA in January this year.

Evidently Oriental’s heart was not in it, and Radix made an offer for the string it found more attractive.

Radix business head Sandeep Ramchandani confirmed to DI today that .fun will be operated in a completely unrestricted manner, the same as its other gTLDs.

It will be Radix’s first three-letter gTLD, Ramchandani said. It already runs zones such as .online, .site and .space.

.fun is not yet delegated, but Radix is hoping for a December sunrise period, he said.

Uniregistry says it was unaffected by mother of all DDoS attacks

Kevin Murphy, October 25, 2016, Domain Registries

Almost 50 top-level domains were believed to be exposed to the massive distributed denial-of-service attack that hit Dyn on Friday, but the largest of the bunch said it managed to stay online throughout.

As has been widely reported in the mainstream and tech media over the last few days, DNS service provider Dyn got whacked by one of the biggest pieces of DDoS vandalism in the internet’s brief history.

Dyn customers including Netflix, Twitter, Spotify, PayPal and Reddit were reportedly largely inaccessible for many US-based internet users over the space of three waves of attack over about 12 hours.

The company said in a statement that the Mirai botnet was likely the attackers’ tool of choice.

It said that “10s of millions” of unique IP addresses were involved.

It has since emerged that many of the bots were actually installed on webcams secured with easily-guessable default passwords. XiongMai, a Chinese webcam manufacturer, has issued a recall.

In terms of the domain registry business, only about 50 TLDs use Dyn’s DynTLD service for DNS resolution, according to IANA records.

About half of these are tiny ccTLDs. They other half are Uniregistry’s portfolio of new gTLDs, including the like of .link, .car and .photo.

Uniregistry CEO Frank Schilling told DI that the Uniregistry TLDs did not go down as a result of the attack, pointing out that the company also uses its own in-house DNS.

“We like Dyn and think they have a great product but we did not go down because we also run our own DNS,” he said. “If we relied on them exclusively we would have gone down, but that is why we don’t do that.”

Big brands condemn “fraudulent” .feedback gTLD in ICANN complaint

Kevin Murphy, October 25, 2016, Domain Registries

Top Level Spectrum has been accused today of running the gTLD .feedback in a “fraudulent and deceptive” manner.

Over a dozen famous brands, corralled by corporate registrar MarkMonitor, today formally complained to ICANN that .feedback is a “complete sham”.

They reckon that the majority of .feedback domains belong to entities connected to the registry, violate trademarks, and have been stuffed with bogus and plagiarized reviews.

TLS denies any involvement.

MarkMonitor clients Adobe, American Apparel, Best Buy, Facebook, Levi and Verizon are among those that today filed a Public Interest Commitments Dispute Resolution Policy complaint with ICANN.

PICDRP is the mechanism third parties can use to complain about new gTLD registries they believe are in breach of the Public Interest Commitments found in their registry contracts.

The 50-page complaint (pdf), which comes with hundreds of pages of supporting documentation spread over 36 exhibits, purports to show TLS engaging in an “escalating pattern of discriminatory, fraudulent and deceptive registry misconduct”.

While the allegations of wrongdoing are fairly broad, the most interesting appears to be the claim that TLS quietly registered thousands of .feedback names matching trademarks to itself and then filled them with reviews either ripped off from Yelp! or supplied by overseas freelancers working for pennies.

TLS denies that it did any of this.

The .feedback registry is closely tied to the affiliated entity Feedback SAAS, which offers a hosted social platform for product/company reviews. Pricing for .feedback domains is dependent on whether registrants use this service or not.

The complaint states:

the overwhelming majority of domain names registered and activated within the .FEEDBACK TLD — over seventy percent (70%) — are currently owned and operated by Respondent [TLS], and parties working in concert with Respondent

Respondent has solicited and paid numerous third parties, including professional freelance writers who offer to post a set number of words for a fee, to write fabricated reviews regarding Complainants’ products and services.

These ostensibly independent reviews from ordinary consumers are intended to give the appearance of legitimate commentary within .FEEDBACK sites, when, in fact, the reviews are a complete sham.

An investigation carried out by MarkMonitor (pdf) showed that of the 2,787 .feedback domains registered up to July 31, 73% were registered to just five registrants.

The top registrant, Liberty Domains LLC of Las Vegas, owned 47% of these domains.

MarkMonitor believes this company (which it said does not show up in Nevada company records) and fourth-biggest registrant Core Domains LLC (based at the same Vegas mail forwarding service) are merely fronts for TLS, though it has no smoking gun proving this connection.

TLS CEO Jay Westerdal denies the company is affiliated with Liberty.

The MarkMonitor investigation counted 27,573 reviews on these sites, but 22% of them purported have been written prior to the date the domain was registered, in some cases by years.

The company reckons hundreds of reviews can be traced to five freelance writers who responded to February job ads looking for people who could write and post 10 150-word reviews per hour.

Other reviews appear to have been copied wholesale from Yelp! (this can be easily verified by visiting almost any .feedback site and searching for exact-match content on Google).

Westerdal told DI last week that registrants can use an API to import reviews.

The brands’ complaint goes on to criticize TLS for its Free.feedback offering, a very odd, bare-bones web site which seems to offer free .feedback domains.

When you type a domain or email address into the form on Free.feedback, it offers to give you the equivalent .feedback domain for free, automatically populating a second form with the Whois record of the original domain.

According to the complaint, after somebody registers a free .feedback domain, Feedback SAAS starts contacting the person listed in the Whois about their “free trial registration” regardless of whether they were actually the person who signed up the the domain. The complaint states:

Complainants and multiple other trademark owners who received such email notifications from Feedback SAAS and TLS registrars never visited the FREE.FEEDBACK website, and they never requested a free trial registration in the .FEEDBACK TLD

I’ve been unable to fully replicate this experience in attempts to test Free.feedback.

The complaint alleges multiple breaches of the PICs in the .feedback ICANN Registry Agreement.

The brands want ICANN Compliance to conduct a thorough investigation of .feedback, for all Free.feedback domains with phony Whois to be terminated, and for affected trademark owners to get refunds. They also want their legal costs paid by TLS.

ICANN does not typically publish the outcome of PICDRP complaints. Indeed, this is only the second one I’m aware of. It’s difficult to judge what MarkMonitor’s posse’s chances of success are.

Google could shake up the registry market with new open-source Nomulus platform

Kevin Murphy, October 19, 2016, Domain Registries

Google has muscled in to the registry service provider market with the launch of Nomulus, an open-source TLD back-end platform.

The new offering appears to be tightly integrated with Google’s various cloud services, challenging long-held registry pricing conventions.

There are already indications that at least one of the gTLD market’s biggest players could be considering a move to the service.

Donuts revealed yesterday it has been helping Google with Nomulus since early 2015, suggesting a shift away from long-time back-end partner Rightside could be on the cards.

Nomulus, which is currently in use at Google Registry’s handful of early-stage gTLDs, takes care of most of the core registry functions required by ICANN, Google said.

It’s a shared registration system based on the EPP standard, able to handle all the elements of the domain registration lifecycle.

Donuts contributed code enabling features it uses in its own 200-ish gTLDs, such as pricing tiers, the Early Access Period and Domain Protected Marks List.

Nomulus handles Whois and likely successor protocol RDAP (Registration Data Access Protocol).

For DNS resolution, it comes with a plug-in to make TLDs work on the Google Cloud DNS service. Users will also be able to write code to use alternative DNS providers.

There’s also software to handle daily data escrow to a third-party provider, another ICANN-mandated essential.

But Nomulus lacks critical features such as billing and fully ICANN-compliant reporting, according to documentation.

So will anyone actually use this? And if so, who?

It’s too early to say for sure, but Donuts certainly seems keen. In a blog post, CEO Paul Stahura wrote:

As the world’s largest operator of new TLDs, Donuts must continually explore compelling technologies and ensure our back-end operations are cost-efficient and flexible… Google has a phenomenal record of stability, an almost peerless engineering team, endless computing resources and global scale. These are additional potential benefits for us and others who may contribute to or utilize the system. We have been happy to evaluate and contribute to this open source project over the past 20 months because this platform provides Donuts with an alternative back-end with significant benefits.

In a roundabout way, Donuts is essentially saying that Nomulus could work out cheaper than its current back-end, Rightside.

The biggest change heralded by Nomulus is certainly pricing.

For as long as there has been a competitive market for back-end domain registry services, pricing has been on a per-domain basis.

While pricing and model vary by provider and customer, registry operators typically pay their RSPs a flat fee and a buck or two for each domain they have under management.

Pricing for dot-brands, where DUM typically comes in at under 100 today, is believed to be weighted much more towards the flat-fee service charge element.

But that’s not how Nomulus is to be paid for.

While the software is open source and free, it’s designed to run on Google’s cloud hosting services, where users are billed on the fly according to their usage of resources such as storage and bandwidth consumed.

For example, the Google Cloud Datastore, the company’s database service that Nomulus uses to store registration and Whois records, charges are $0.18 per gigabyte of storage per month.

For a small TLD, such as a dot-brand, one imagines that storage costs could be reduced substantially.

However, Nomulus is not exactly a fire-and-forget solution.

There is no Google registry service with customer support reps and such, at least not yet. Nomulus users are responsible for building and maintaining their registry like they would any other hosted application.

So the potentially lower service costs would have to be balanced against potentially higher staffing costs.

My hunch based on the limited available information is that for a dot-brand or a small niche TLD operating on a skeleton crew that may lack technical expertise, moving to Nomulus could be a false economy.

With this in mind, Google may have just created a whole new market for middleman RSPs — TLD management companies that can offer small TLDs a single point of contact for technical expertise and support but don’t need to build out and own their own expensive infrastructure.

The barrier to entry to the RSP market may have just dropped like a rock, in other words.

And Nomulus may work out more attractive to larger TLD operators such as Donuts, with existing teams of geeks, that can take advantage of Google’s economies of scale.

Don’t expect any huge changes overnight though. Migrating between back-ends is not an easy or cheap feat.

As well as ICANN costs, and data migration and software costs, there’s also the non-trivial matter of shepherding a horde of registrars over to the new platform.

How much impact Nomulus will have on the market remains to be seen, but it has certainly given the industry something to think about.

Donuts will cut off sham .doctors

Kevin Murphy, October 17, 2016, Domain Registries

Donuts has outlined plans to suspend or delete .doctor domain names used by fake medical doctors.

Despite protestations from governments and others, .doctor will not be a restricted gTLD when it goes to general availability next week — anyone will be able to register one.

However, Donuts said last week that it will shut down phony doctor sites:

While we are firmly committed to free speech on the Internet, we however will be on guard against inappropriate or dangerous uses of .DOCTOR. Accordingly, if registrants using this name make the representation on their websites that they are licensed medical practitioners, they should be able to demonstrate upon request that in fact they hold such a license. Failure to so demonstrate could be considered a violation of the terms of registration and may subject the registrant to registrar and registry rights to delete, revoke, suspend, cancel, or transfer a registration.

A Donuts spokesperson said that the registry will have the right to conduct spot-checks on sites, but at first will only police the gTLD in response to complaints from others.

“We have the right to spot check, but no immediate plans to do so,” he said.

In a few fringe cases, the failure to present a license would not result in the loss of a domain.

For example, a “registrant is in a jurisdiction that doesn’t license doctors (if that exists)” or a “registrant that represents him/herself as a licensed medical doctor, but uses the site to sell cupcakes”, the spokesperson said.

ICANN’s Governmental Advisory Committee had wanted .doctor restricted to medical doctors, but Donuts complained noting that “doctor” is an appellation used in many other fields beyond medicine.

It can also be used in fanciful ways to market products, the registry said.

ICANN eventually sided with Donuts, allowing it to keep an open TLD as long as it included certain Public Interest Commitments in its registry contract.

.doctor goes to GA October 26.