Latest news of the domain name industry

Recent Posts

Cybersquatting cases up because of .com

Kevin Murphy, March 23, 2018, Domain Services

The World Intellectual Property Organization handled cybersquatting cases covering almost a thousand extra domain names in 2017 over the previous year, but almost all of the growth came from complaints about .com names, according to the latest WIPO stats.

There were 3,074 UDRP cases filed with WIPO in 2017, up about 1.2% from the 3,036 cases heard in 2016, WIPO said in its annual roundup last week.

That’s slower growth than 2016, which saw a 10% increase in cases over the previous year.

But the number domains complained about in UDRP was up more sharply — 6,370 domains versus 5,374 in 2016.

WIPO graph

WIPO said that 12% of its 2017 cases covered domains registered in new gTLDs, down from 16% in 2016.

If you drill into its numbers, you see that 3,997 .com domains were complained about in 2017, up by 862 domains or 27% from the 3,135 seen in 2016.

.com accounted for 66% of UDRP’d domains in 2016 and 70% in 2017. The top four domains in WIPO’s table are all legacy gTLDs.

As usual when looking at stats for basically anything in the domain business in the last few years, the tumescent rise and meteoric fall of .xyz and .top have a lot to say about the numbers.

In 2016, they accounted for 321 and 153 of WIPO’s UDRP domains respectively, but they were down to 66 and 24 domains in 2017.

Instead, three Radix TLDs — .store, .site and .online — took the honors as the most complained-about new gTLDs, with 98, 79, and 74 domains respectively. Each of those three TLDs saw dozens more complained-about domains in 2017 than in 2016.

As usual, interpreting WIPO’s annual numbers requires caution for a number of reasons, among them: WIPO is not the only dispute resolution provider to handle UDRP cases, rises and falls in UDRP filings do not necessarily equate to rises and falls in cybersquatting, and comparisons between .com and new gTLDs do not take into account that new gTLDs also have the URS as an alternative dispute mechanism.

Donuts releases free TLD-neutral name-spinner

Kevin Murphy, January 24, 2018, Domain Services

Donuts has announced the release of a free name-spinner tool for registrars and resellers.

Relevant Name Search, found at rns.domains, isn’t a destination site in itself, but will be free for registrars to integrate into their storefronts.

The company said it’s been in beta testing with eNom, Dreamhost, Dynadot and Name.com, with eNom using it for over a year.

The service recalls something similar released by Verisign.

However, unlike the Verisign NameStudio tool, Donuts said RNS is “registry-neutral”, meaning it’s not designed to plug its own portfolio of TLDs over those from other registries.

I subjected the service to a quick, non-scientific test today and found the results much more semantically relevant than the Verisign tool, which only returns .com, .net and .cc results.

When I used NameStudio in November to search for “vodka”, my best offering was dogvodka.com. With RNS, I was offered the likes of vodka.bar, vodka.rocks, vodka.party, vodka.social and vodka.trade (all of which appear to carry premium pricing).

While Verisign offered me funattorney.com on a search for “attorney”, Donuts offered up attorney.lawyer, attorney.lgbt and attorney.blog.

RNS does not ignore legacy gTLDs, however. Doing a search for something a little more niche will bring up .com and .net domains, appropriately (in my view) ranked.

Search for “birmingham taxi” and you’ll get three relevant .limo domains (yeah, .limo exists, apparently) before birminghamtaxi.net.

Similarly, if you want to open up a pizza place in Cardiff, search for “cardiff pizza” and you’ll get offered cardiff.pizza, cardiffpizza.menu, cardiffpizza.restaurant, cardiffpizza.cafe and cardiffpizza.delivery before you get to cardiffpizza.com.

Many domain investors would say that the .com is unarguably the superior domain (it’s also unregistered and non-premium), but even those people would have to admit that the five more prominent suggestions have more semantic relevance.

Donuts said that RNS is configurable to take into account TLD-specific promotions, geography and marketing campaigns, and that it can be integrated with a single API call.

DomainTools scraps apps and APIs in war on spam

Kevin Murphy, January 22, 2018, Domain Services

DomainTools is to scrap at least five of its services as it tries to crack down spam.

It’s getting rids of its mobile apps, its APIs, and is to stop showing registrants’ personal information to unauthenticated users.

CEO Tim Chen told us in an email at the weekend:

The Android app is no longer supported.

The iOS app will no longer be supported after February 20th.

The Developer API is no longer supported.

On February 20th, the Bulk Parsed Whois tool available to Personal Members will no longer be supported.

On February 20th, our production Whois API will no longer be available to individual membership levels, an Enterprise relationships will be required.

It’s all part of an effort to make sure DomainTools services are not being abused by spammers, which has lead to a dispute with GoDaddy over bulk access to its registrants’ Whois data.

The longstanding problem of new registrants getting spammed with calls and emails offering web hosting and such has escalated over the last few years. Domain Name Wire detailed the scale of the abuse registrants can experience in a post last week.

While to my knowledge nobody has directly accused DomainTools of facilitating such abuse, the scrapped services are the ones that would be most useful to these spammers.

The company is also going to scale back what guest users can see when they do a Whois lookup, and is to make automated scraping of Whois records more difficult for paying members.

In a blog post, Chen wrote last week:

As of today, unauthenticated users of the DomainTools Whois Lookup tool will not see personally identifiable information for the registrant parsed out in the results, and will be required to submit a CAPTCHA to see the full raw domain name Whois record. Phone numbers in the parsed results have been replaced with image files, much the same way emails have always been rendered

As well as hoping to ease relations with GoDaddy — the source of a very heavy chunk of DomainTools’ data — the moves are also part of the company’s strategy for dealing with the incoming General Data Protection Regulation.

This is the EU law that gives registrants more control over the privacy of their personal data.

Chen told us earlier this month that DomainTools is keen to ensure its enterprise-level suite of security products, which he said are vital for security and intellectual property investigations, continue to operatie under the new regime.

About 80% of DomainTools’ revenue comes from its enterprise-level customers, over 500 companies.

Big changes at DomainTools as privacy law looms

Kevin Murphy, January 11, 2018, Domain Services

Regular users of DomainTools should expect significant changes to their service, possibly unwelcome, as the impact of incoming European Union privacy law begins to be felt.

Professional users such as domain investors are most likely to be impacted by the changes.

The company hopes to announce how its services will be rejiggered to comply with the General Data Protection Regulation in the next few weeks, probably in February, but CEO Tim Chen spoke to DI yesterday in general terms about the law’s possible impact.

“There will be changes to the levels of service we offer currently, especially to any users of DomainTools that are not enterprises,” Chen said.

GDPR governs how personal data on EU citizens is captured, shared and processed. It deals with issues such as customer consent, the length of time such data may be stored, and the purposes for which it may be processed.

Given that DomainTools’ entire business model is based on capturing domain registrants’ contact information without their explicit consent, then storing, processing and sharing that data indefinitely, it doesn’t take a genius to work out that the new law represents a possibly existential threat.

But while Chen says he’s “very concerned” about GDPR, he expects the use cases of his enterprise customers to be protected.

DomainTools no longer considers itself a Whois company, Chen said, it’s a security services company now. Only about 20% of its revenue now comes from the $99-a-month customers who pay to access services such as reverse Whois and historical Whois queries.

The rest comes from the 500-odd enterprise customers it has, which use the company’s data for purposes such as tracking down network abuse and intellectual property theft.

DomainTools is very much aligned here with the governments and IP lawyers that are pressing ICANN and European data protection authorities to come up with a way Whois data can still be made available for these “legitimate purposes”.

“We’re very focused on our most-important goal of making sure the cyber security and network security use cases for Whois data are represented in the final discussions on how this legislation is really going to land,” he said.

“There needs to be some level of access that is retained for uses that are very consistent with protecting the very constituents that this legislation is trying to protect from a privacy perspective,” he said.

The two big issues pressing on Chen’s mind from a GDPR perspective are the ability of the company to continue to aggregate Whois records from hundreds of TLDs and thousands of registrars, and its ability to continue to provide historical, archived Whois records — the company’s most-popular product after vanilla Whois..

These are both critical for customers responding to security issues or trying to hunt down serial cybersquatters and copyright infringers, Chen said.

“[Customers are] very concerned, because their ability to use this data as part of their incident response is critical, and the removal of the data from that process really does injure their ability to do their jobs,” he said.

How far these use cases will be protected under GDPR is still an open question, one largely to be determined by European DPAs, and DomainTools, like ICANN the rest of the domain industry, is still largely in discussion mode.

“Part of what we need to help DPAs understand is: how long is long enough?” Chen said. “Answering how long this data can be archived is very important.”

ICANN was recently advised by its lawyers to take its case for maintaining Whois in as recognizable form as possible to the DPAs and other European privacy bodies.

And governments, via the Governmental Advisory Committee, recently urged ICANN to continue to permit Whois access for “legitimate purposes”.

DomainTools is in a different position to most of the rest of the industry. In terms of its core service, it’s not a contracted party with ICANN, so perhaps will have to rely on hoping whatever the registries and registrars work out will also apply to its own offerings.

It’s also different in that it has no direct customer relationship with the registrants whose data it processes, nor does it have a contractual relationship with the companies that do have these customer relationships.

This could make the issue of consent — the right of registrant to have a say in how their data is processed and when it is deleted — tricky.

“We’re not in a position to get consent from domain owners to do what we do,” Chen said. “I think where we need to be more thoughtful is whether DomainTools needs to have a process where people can opt out of having their data processed.”

“When I think about consent, it’s not on the way in, because we just don’t have a way to do that, it’s allowing a way out… a mechanism where people can object to their data being processed,” he said.

How DomainTools’ non-enterprise customers and users will be affected should become clear when the company outlines its plans in the coming weeks.

But Chen suggested that most casual users should not see too much impact.

“The ability of anyone who has an interest in using Whois data, who needs it every now and then, for looking up a Whois record of a domain because they want to buy it as a domain investor for example, that should still be very possible after GDPR,” he said.

“I don’t think GDPR is aimed at individual, one-at-a-time use cases for data, I think it’s aimed at scalable abuse of the data for bad purposes,” he said.

“If you’re running a business in domain names and you need to get Whois at significant scale, and you need to evaluate that many domains for some reason, that’s where the impact may be,” he said.

Disclosure: I share a complimentary DomainTools account with several other domain industry bloggers.

Get a free ticket to NamesCon here

Kevin Murphy, January 5, 2018, Domain Services

NamesCon, the annual domain name industry conference, runs in Las Vegas at the end of the month, and DI has five free tickets to give away to readers.

The catch: only people who have never been to NamesCon before are eligible. It’s a strictly n00bs-only giveaway.

NamesCon starts January 28 and runs for three days at the Tropicana Hotel in Las Vegas.

Kicking off the show, in surely one of life’s “together at last” moments, Andrew Allemann of Domain Name Wire will sit down for a live interview with David Ellefson, founder of the metal band Megadeth. It’s probably going to be one of those “you had to be there” experiences.

There’s a strong focus on blockchain and cryptocurrency this year, given the interest many domainers are showing in this area as a new investment opportunity.

But the agenda is made up of the usual mix of industry experts discussing themes such as domain investment, web site development, branding, intellectual property and the like.

There’s even a Women In Domaining Dinner, where women can discuss whether it’s worth investing in .makeup and .horse domains, and a Christian Domainers’ Breakfast, where followers of Our Lord can eat bacon in peace and prevaricate on why greed is definitely not as bad as the Bible unambiguously states it is.

It’s usually a pretty good show with a good turn-out. The networking opportunities alone make it worth a trip.

To claim one of the five complimentary conference passes, simply leave a comment on this blog post stating clearly that you want one, and complete this sentence in 10,000 words or fewer:

I want to spend three nights away from my partner in Las Vegas because…

Use a functioning email address or I won’t be able to send you the ticket details.

The first five people to leave a qualifying comment get a ticket each.

It should go without saying that this ticket only gets you into the conference itself. How you get to Vegas and where you sleep when you get there is your problem.

Again, and I can’t stress this enough, if you’ve been to NamesCon before you’re not eligible for this competition. That’s NamesCon’s rule, not mine, so no arguing.

In the unlikely event that all five tickets have gone by the time you read this post, you may want to check out some of my co-conspirators at other domain community blogs, several of which I gather also have tickets to give away today.