Latest news of the domain name industry

Recent Posts

No more free transfers in Denmark

Kevin Murphy, December 12, 2018, Domain Services

The Danish ccTLD registry has announced that it is to introduce a charge for .dk transfers for the first time in January.

From the start of 2019, transfers between registrants will cost DKK 50 (about $7.50), DK Hostmaster said today.

Currently, transfers are free.

It appears that the new fee will be levied on the gaining registrant.

DK Hostmaster said that the fee is to cover “administrative costs”.

.dk has about 1.3 million domains under management.

ICANN outs two more deadbeat new gTLDs

Kevin Murphy, December 12, 2018, Domain Services

ICANN has published breach notices it has sent to two more new gTLD registries, which it says have failed to pay their quarterly accreditation fees.

One is a dot-brand, the other is not.

The brand is the Arabic اتصالات . (.xn--mgbaakc7dvf), managed by Emirati telecommunications powerhouse Etisalat.

With about $14 billion of annual revenue, no domains other than its obligatory NIC site, and an allegedly non-functioning contact phone number, it appears the UAE-based company may simply have forgotten its dot-brand exists.

The other registry allegedly in breach is Desi Networks, the US-based company that targets .desi at people hailing from the Indian subcontinent.

While it’s been on the market for over four years, and has an addressable market of over a billion people, .desi has failed to claw together much more than 3,700 domains under management.

I thought it would have performed better. The ccTLD for India has over two million domains, and the country has a thriving domain market.

With a retail price in the region of $20 per year, it’s easy to see why the .desi may be having trouble scraping together the $6,250 quarterly flat fee ICANN registry contracts demand.

Desi Networks also commits on its web site to donate some portion of its reg fees to worthy causes in the South Asian region, which was probably optimistic with hindsight.

ICANN first sent notices of late payment to both registries in September, but did not receive the requested money.

Both have until the first week of January to pay up, or ICANN will initiate termination proceedings.

Uniregistry calls for domain Bill of Rights as Schilling says Gab.com was not booted

Kevin Murphy, November 9, 2018, Domain Services

Uniregistry has called for a “Domain Bill of Rights” to protect free speech in a world were domain takedowns can be used to de-platform controversial speakers.

Meanwhile, CEO Frank Schilling has told DI that the company did not expel the right-wing social network Gab.com from Uniregistry’s platform, and would have allowed it to stay.

In a press release this week, Uniregistry COO Kanchan Mhatre said that while the company rejects “hatred and bigotry”, free speech is an “inalienable” human right.

The company called for the new agreement “to guarantee every domain name owner a formal ‘due process’ when being faced with accusations and demands for censorship”.

Schilling said that Uniregistry’s idea for a Domain Bill of Rights is still in the early stages. It has sketched out 10 draft bullet points but is not ready to publish them yet.

The press release was issued to coincide with Tim Berners-Lee’s proposal for a “Contract for the Web”, a set of broad principles governing rights and responsibilities online.

But it also coincided with the ongoing controversy over Gab.com, the microblogging platform favored by right-wing voices, including many white supremacists, that have been kicked off Twitter.

The guy who murdered 11 people at a Synagogue in Pittsburgh last month used Gab, a back-breaking straw which prompted GoDaddy to inform the network it intended to suspend its domain unless it was immediately moved to another registrar.

It’s not the first time GoDaddy has shut down the far right for breaching its terms of service. Last year, it took the same action against a neo-Nazi site.

The Gab.com domain briefly wound up at Uniregistry, before Epik CEO Rob Monster stated publicly that he would offer Gab a home. Gab took him up on his offer, and transferred away from Uniregistry.

Uniregistry’s Schilling confirmed that “We did not ask gab.com to leave our platform… they were welcome to stay subject to law”.

Monster said in a blog post largely praising Gab and founder Andrew Torba that “De-Platforming is Digital Censorship”. He noted that for Gab, “there is a duty to monitor and lightly curate, keeping content within the bounds of the law”.

This is how AppDetex works

Kevin Murphy, October 25, 2018, Domain Services

A small brand-protection registrar with a big friend caused quite a stir at ICANN 63 here in Barcelona this week, after accusing registrars for the second time of shirking their duties to disclose private Whois data to trademark owners.

AppDetex, which has close ties to Facebook, has sent something like 9,000 Whois requests to registrars over the last several months, then complained to ICANN last week that it only got a 3% response rate.

Registrars cried foul, saying that the company’s requests are too vague to action and sometimes seem farcical, suggesting an indiscriminate, automated system almost designed to be overly burdensome to them.

In chats with DI this week, AppDetex CEO Faisal Shah, general counsel Ben Milam and consultant Susan Kawaguchi claimed that the system is nowhere near as spammy as registrars think, then showed me a demo of their Whois Requester product that certainly seemed to support that claim.

First off, Whois Requester appears to be only partially automated.

Tucows had noted in a letter to ICANN that it had received requests related to domains including lincolnstainedglass.com and grifflnstafford.com, which contain strings that look a bit like the “Insta” trademark but are clearly not cybersquatting.

“That no human reviewed these domains was obvious, as the above examples are not isolated,” Tucows CEO Elliot Noss wrote.

“It is abundantly clear to us that the requests we received were generated by an automated system,” Blacknight CEO Michele Neylon, who said he had received similarly odd requests, wrote in his own letter.

But, according to AppDetex, these assumptions are not correct.

Only part of its service is automated, they said. Humans — either customers or AppDetex in-house “brand analysts” — were involved in sending out all the Whois requests generated via its system.

AppDetex itself does not generate the lists of domains of concern for its clients, they said. That’s done separately, using unrelated tools, by the clients themselves.

It’s possible these could be generated from zone files, watch services, abuse reports or something else. The usage of the domain, not just its similarity to the trademark in question, would also play a role.

Facebook, for example, could generate its own list of domains that contain strings matching, partially matching, or homographically similar to its trademarks, then manually input those domains into the AppDetex tool.

The product features the ability to upload lists of domains in bulk in a CSV file, but Kawaguchi told me this feature has never been used.

Once a domain has been input to main Whois Requester web form, a port 43 Whois lookup is automatically carried out in the background and the form is populated with data such as registrar name, Whois server, IANA number and abuse email address.

At this point, human intervention appears to be required to visually confirm whether the Whois result has been redacted or not. This might require also going to the registrar’s web-based Whois, as some registrars return different results over port 43 compared to their web sites.

If a redacted record is returned, users can then select the trademark at issue from a drop-down (Whois Requestor stores its’ customers trademark information) and select a “purpose” from a different drop-down.

The “purposes” could include things like “trademark investigation” or “phishing investigation”. Each generates a different piece of pre-written text to be used in the template Whois request.

Users can then choose to generate, manually approve, and send off the Whois request to the relevant registrar abuse address. The request may have a “form of authorization” attached — a legal statement that AppDetex is authorized to ask for the data on behalf of its client.

Replies from registrars are sent to an AppDetex email address and fed into a workflow tool that looks a bit like an email inbox.

As the demo I saw was on the live Whois Requester site with a dummy account, I did not get a view into what happens after the initial request has been sent.

Registrars have complained that AppDetex does not reply to their responses to these initial requests, which is a key reason they believe them frivolous.

Shah and Milam told me that over the last several months, if a registrar reply has included a request for additional information, the Whois Requester system has been updated with a new template for that registrar, and the request resent.

This, they said, may account for duplicate requests registrars have been experiencing, though two registrars I put this to dispute whether it fits with what they’ve been seeing.

The fact that human review is required before requests are sent out “just makes it worse”, they also said.

DomainTools tracks its one billionth domain

Kevin Murphy, August 10, 2018, Domain Services

DomainTools now has records of over a billion domain names in its database, according to the company.

The billionth name was added last month, according to a blog post.

The company notes that there are only about 350 million domains in existence today, meaning that twice as many domains have been deleted and never re-registered as are currently online.

For .com, DomainTools knows of 434 million domains that no longer exist, compared to the over 130 million registered today.

Even DomainTools, which has been collecting data for 17 years, knows its records are incomplete, but it reckons its number is probably within 10% of the total number of domains ever registered.

For new gTLDs, the one with the most deleted names is .realty (97% deleted) and the best is .boston (0.3% deleted), the company said.

More data here.