ICANN is to spend its half-billion dollar auction war chest on a buyback program for failing new gTLDs, DI can reveal.
Inspired by the “Cash for Clunkers” program that provided stimulus during the economic downturn in the US a decade ago, the new program will see ICANN offer $1 million per gTLD to any registry whose heart simply isn’t in it any more.
The scheme will work rather like a stock buyback, ICANN explained in a 489-page document (PDF).
Registries opting to sell back their gTLDs will see their strings abruptly removed from the DNS root and their contracts torn up and burned on a great big bonfire.
Any domains registered in these gTLDs will stop resolving to parking pages immediately.
“We believe this program offers the most equitable distribution of auction funds and the fairest way to ensure new gTLD program participants see a return on their investment,” ICANN chair Steve Crocker said in a statement.
Portfolio registries including Donuts, Uniregistry, MMX, Radix and XYZ.com are already believed to have expressed an interest in the scheme, and were already forming a disorderly queue outside ICANN’s Los Angeles headquarters last night.
While Verisign also qualifies for the program, much of the funding will be provided by the $130 million it spent at the .web auction.
The company said it welcomed the deal and plans to sell .web back to ICANN as soon as possible. It added that it will cover the $129 million loss by fueling its data center generators with ten-dollar bills, rather than twenties, for the first three weeks of April.
But registrant groups were outraged by the proposal, which will see millions of domain names erased from the internet.
Dr General President Colonel Lucky Mfwamba (Esq), chair of the New gTLD Registrants Association, said he expects the bottom to fall out of the penis enlargement market overnight.
And in China, thousands of domain investors flocked to forums to complain that the randomly generated domains they bought at $0.20 each and hoped to sell to other investors for $0.30 each are suddenly worthless.
If you were a user of ICANN’s Centralized Zone Data Service back in 2014 you may wish to think about changing some passwords today.
ICANN has confirmed that a bunch of user names and hashed passwords that were stolen in November 2014 have turned up for sale on the black market.
The batch reportedly contains credentials for over 8,000 users.
ICANN said yesterday:
ICANN recently became aware that some information obtained in the spear phishing incident we announced in 2014 is being offered for sale on underground forums. Our initial assessment is that it is old data and that no new breach of our systems has occurred. The data accessed in the 2014 incident breach included usernames and hashed passwords for our Centralized Zone Data System (CZDS). Once the theft was discovered, we reset all user passwords, and urged users to do the same for any other accounts where they used the same passwords.
While CZDS users have all presumably already changed their CZDS passwords, if they are still using that same password for a non-CZDS web site they may want to think about changing it.
ICANN first announced the hack back in December 2014.
It said at the time that the Government Advisory Committee’s wiki, and a selection of other less interesting pages, had also been compromised.
The attackers got in after a number of ICANN staffers fell for a spear-phishing attack — a narrowly targeted form of phishing that was specifically aimed at them.
If you email with ICANN staff with any regularity you will have noticed that for the last several months your email subject lines get prefixed [EXTERNAL] before the staffer receives them.
That’s to help avoid this kind of attack being successful again.
The domain drop-catching arms race is heating up, with budget player Pheenix this week acquiring 300 more registrar accreditations from ICANN.
According to DI records, the company now has almost 500 registrar accreditations in its family.
More accreditations means more registry connections with which to attempt to acquire expired domains as they return to the available pool.
It also means that Pheenix’s dropnet (a word I just made up that sounds a bit like “botnet” in a pathetic attempt to coin a term for once in my career) is now a bit bigger than that of Web.com, the registrar pool behind Namejet and SnapNames.
It’s still a long way behind TurnCommerce, owner of DropCatch, which two weeks ago added a whopping 500 new accreditations, bringing its total to over 1,250.
An extra 300 accreditations would have cost Pheenix over $1 million in up-front ICANN fees and will incur ongoing fixed annual fees in excess of $1.2 million.
Go Daddy VP of domains Rich Merdinger has been appointed interim chair of the Domain Name Association, replacing Neustar’s Adrian Kinderis.
In a blog post, Merdinger said the DNA will become more “vocal” under its new leadership and outlined three priorities for 2017 — awareness, adoption and access.
He said the DNA will share ways businesses can pursue a strategy of “blending” TLD types in their online activities, promote domains as search engine optimization tools, and make it easier for DNA members to participate.
There will be a new series of DNA Virtual Town Hall meetings to facilliate communication. Merdinger wrote:
Expect to see a more vocal DNA – whether it is at the next virtual town hall or learning about new research on domain name strategies and their business impact. As Interim Chair, I will be working with our leadership team on ways to spotlight how domain names are being used strategically and tactically to support business objectives in 2017 and beyond.
He replaces Kinderis, formerly CEO of AusRegistry/ARI/Bombora, who is now, post-acquisition, VP of corporate development at Neustar.
Kinderis, DNA’s founding chair in April 2013, will remain on the DNA’s board of directors, representing Neustar.
It’s interesting that Merdinger’s appointment to chair is being linked with the DNA becoming more “vocal”.
While Merdinger certainly isn’t a shrinking violet, Kinderis, I’m sure he wouldn’t mind me saying, is one of the bluntest, mouthiest guys in the industry.
That said, GoDaddy has name recognition and has proven to be a bit of a headline magnet over the last decade or so.
It surely has a higher profile among would-be registrants — a big part of the DNA’s audience — than Neustar, which isn’t primarily a domain name company or even necessarily primarily an internet company.
The DNA will continue to operate without an in-house staff, having dumped its second executive director earlier this year in favor of outsourcing to a trade group management company, to cut costs.
Amazon has reversed, at least temporarily, its decision to yank its free list of the world’s most popular domains, after an outcry from researchers.
The daily Alexa list, which contains the company’s estimate of the world’s top 1 million domains by traffic, suddenly disappeared late last week.
The list was popular with researchers in fields such as internet security. Because it was free, it was widely used.
DI PRO uses the list every day to estimate the relative popularity of top-level domains.
After deleting the list, Amazon directed users to its Amazon Web Services portal, which had started offering the same data priced at $0.0025 per URL.
That’s not cheap. The cost of obtaining same data suddenly leaped from nothing to $912,500 per year, or $2,500 per day.
That’s beyond the wallets, I suspect, of almost every Alexa user, especially the many domain name tools providers (including yours truly) that relied on the data to estimate domain popularity.
Even scaling back usage to the top 100,000 URLs would be prohibitively expensive for most researchers.
While Amazon is of course free to price its data at whatever it thinks it is worth, no notice was given that the file was to be deleted, scuppering without warning goodness knows how many ongoing projects.
Some users spoke out on Twitter.
The quiet death of the @Alexa_Support top million sites is a grievous blow to internet researchers everywhere. $2500 per pull now.
— April King (@aprilmpls) November 21, 2016
Removing the top 1M list is a HUGE mistake. It was extremely useful to assess the impact of new security vulnerabilities. 🙁 @Alexa_Support
— Benjamin Beurdouche (@beurdouche) November 22, 2016
@Alexa_Support I'm disappointed, but I hope you reconsider. The Top 1M list is a standard reference in research. It's simply irreplaceable.
— Santiago Zanella (@xEFFFFFFF) November 22, 2016
I spent most of yesterday figuring out how to quickly rejigger DI PRO to cope with the new regime, but it seems I may have been wasting my time.
After an outcry from fellow researchers, Amazon has restored the free list. It said on Twitter:
Thanks to customer feedback, the top 1M sites is temporarily available again. We’ll provide notice before updating the file in the future
— Alexa Support (@Alexa_Support) November 22, 2016
It seems clear that the key word here is “temporarily”, and that the the restoration of the file may primarily be designed to give researchers more time to seek alternatives or wrap up their research.