Latest news of the domain name industry

Recent Posts

ICANN outs two more deadbeat new gTLDs

Kevin Murphy, December 12, 2018, Domain Services

ICANN has published breach notices it has sent to two more new gTLD registries, which it says have failed to pay their quarterly accreditation fees.

One is a dot-brand, the other is not.

The brand is the Arabic اتصالات . (.xn--mgbaakc7dvf), managed by Emirati telecommunications powerhouse Etisalat.

With about $14 billion of annual revenue, no domains other than its obligatory NIC site, and an allegedly non-functioning contact phone number, it appears the UAE-based company may simply have forgotten its dot-brand exists.

The other registry allegedly in breach is Desi Networks, the US-based company that targets .desi at people hailing from the Indian subcontinent.

While it’s been on the market for over four years, and has an addressable market of over a billion people, .desi has failed to claw together much more than 3,700 domains under management.

I thought it would have performed better. The ccTLD for India has over two million domains, and the country has a thriving domain market.

With a retail price in the region of $20 per year, it’s easy to see why the .desi may be having trouble scraping together the $6,250 quarterly flat fee ICANN registry contracts demand.

Desi Networks also commits on its web site to donate some portion of its reg fees to worthy causes in the South Asian region, which was probably optimistic with hindsight.

ICANN first sent notices of late payment to both registries in September, but did not receive the requested money.

Both have until the first week of January to pay up, or ICANN will initiate termination proceedings.

Uniregistry calls for domain Bill of Rights as Schilling says Gab.com was not booted

Kevin Murphy, November 9, 2018, Domain Services

Uniregistry has called for a “Domain Bill of Rights” to protect free speech in a world were domain takedowns can be used to de-platform controversial speakers.

Meanwhile, CEO Frank Schilling has told DI that the company did not expel the right-wing social network Gab.com from Uniregistry’s platform, and would have allowed it to stay.

In a press release this week, Uniregistry COO Kanchan Mhatre said that while the company rejects “hatred and bigotry”, free speech is an “inalienable” human right.

The company called for the new agreement “to guarantee every domain name owner a formal ‘due process’ when being faced with accusations and demands for censorship”.

Schilling said that Uniregistry’s idea for a Domain Bill of Rights is still in the early stages. It has sketched out 10 draft bullet points but is not ready to publish them yet.

The press release was issued to coincide with Tim Berners-Lee’s proposal for a “Contract for the Web”, a set of broad principles governing rights and responsibilities online.

But it also coincided with the ongoing controversy over Gab.com, the microblogging platform favored by right-wing voices, including many white supremacists, that have been kicked off Twitter.

The guy who murdered 11 people at a Synagogue in Pittsburgh last month used Gab, a back-breaking straw which prompted GoDaddy to inform the network it intended to suspend its domain unless it was immediately moved to another registrar.

It’s not the first time GoDaddy has shut down the far right for breaching its terms of service. Last year, it took the same action against a neo-Nazi site.

The Gab.com domain briefly wound up at Uniregistry, before Epik CEO Rob Monster stated publicly that he would offer Gab a home. Gab took him up on his offer, and transferred away from Uniregistry.

Uniregistry’s Schilling confirmed that “We did not ask gab.com to leave our platform… they were welcome to stay subject to law”.

Monster said in a blog post largely praising Gab and founder Andrew Torba that “De-Platforming is Digital Censorship”. He noted that for Gab, “there is a duty to monitor and lightly curate, keeping content within the bounds of the law”.

This is how AppDetex works

Kevin Murphy, October 25, 2018, Domain Services

A small brand-protection registrar with a big friend caused quite a stir at ICANN 63 here in Barcelona this week, after accusing registrars for the second time of shirking their duties to disclose private Whois data to trademark owners.

AppDetex, which has close ties to Facebook, has sent something like 9,000 Whois requests to registrars over the last several months, then complained to ICANN last week that it only got a 3% response rate.

Registrars cried foul, saying that the company’s requests are too vague to action and sometimes seem farcical, suggesting an indiscriminate, automated system almost designed to be overly burdensome to them.

In chats with DI this week, AppDetex CEO Faisal Shah, general counsel Ben Milam and consultant Susan Kawaguchi claimed that the system is nowhere near as spammy as registrars think, then showed me a demo of their Whois Requester product that certainly seemed to support that claim.

First off, Whois Requester appears to be only partially automated.

Tucows had noted in a letter to ICANN that it had received requests related to domains including lincolnstainedglass.com and grifflnstafford.com, which contain strings that look a bit like the “Insta” trademark but are clearly not cybersquatting.

“That no human reviewed these domains was obvious, as the above examples are not isolated,” Tucows CEO Elliot Noss wrote.

“It is abundantly clear to us that the requests we received were generated by an automated system,” Blacknight CEO Michele Neylon, who said he had received similarly odd requests, wrote in his own letter.

But, according to AppDetex, these assumptions are not correct.

Only part of its service is automated, they said. Humans — either customers or AppDetex in-house “brand analysts” — were involved in sending out all the Whois requests generated via its system.

AppDetex itself does not generate the lists of domains of concern for its clients, they said. That’s done separately, using unrelated tools, by the clients themselves.

It’s possible these could be generated from zone files, watch services, abuse reports or something else. The usage of the domain, not just its similarity to the trademark in question, would also play a role.

Facebook, for example, could generate its own list of domains that contain strings matching, partially matching, or homographically similar to its trademarks, then manually input those domains into the AppDetex tool.

The product features the ability to upload lists of domains in bulk in a CSV file, but Kawaguchi told me this feature has never been used.

Once a domain has been input to main Whois Requester web form, a port 43 Whois lookup is automatically carried out in the background and the form is populated with data such as registrar name, Whois server, IANA number and abuse email address.

At this point, human intervention appears to be required to visually confirm whether the Whois result has been redacted or not. This might require also going to the registrar’s web-based Whois, as some registrars return different results over port 43 compared to their web sites.

If a redacted record is returned, users can then select the trademark at issue from a drop-down (Whois Requestor stores its’ customers trademark information) and select a “purpose” from a different drop-down.

The “purposes” could include things like “trademark investigation” or “phishing investigation”. Each generates a different piece of pre-written text to be used in the template Whois request.

Users can then choose to generate, manually approve, and send off the Whois request to the relevant registrar abuse address. The request may have a “form of authorization” attached — a legal statement that AppDetex is authorized to ask for the data on behalf of its client.

Replies from registrars are sent to an AppDetex email address and fed into a workflow tool that looks a bit like an email inbox.

As the demo I saw was on the live Whois Requester site with a dummy account, I did not get a view into what happens after the initial request has been sent.

Registrars have complained that AppDetex does not reply to their responses to these initial requests, which is a key reason they believe them frivolous.

Shah and Milam told me that over the last several months, if a registrar reply has included a request for additional information, the Whois Requester system has been updated with a new template for that registrar, and the request resent.

This, they said, may account for duplicate requests registrars have been experiencing, though two registrars I put this to dispute whether it fits with what they’ve been seeing.

The fact that human review is required before requests are sent out “just makes it worse”, they also said.

DomainTools tracks its one billionth domain

Kevin Murphy, August 10, 2018, Domain Services

DomainTools now has records of over a billion domain names in its database, according to the company.

The billionth name was added last month, according to a blog post.

The company notes that there are only about 350 million domains in existence today, meaning that twice as many domains have been deleted and never re-registered as are currently online.

For .com, DomainTools knows of 434 million domains that no longer exist, compared to the over 130 million registered today.

Even DomainTools, which has been collecting data for 17 years, knows its records are incomplete, but it reckons its number is probably within 10% of the total number of domains ever registered.

For new gTLDs, the one with the most deleted names is .realty (97% deleted) and the best is .boston (0.3% deleted), the company said.

More data here.

Can’t get enough GDPR? Come to my NamesCon panel

Kevin Murphy, June 4, 2018, Domain Services

NamesCon Europe is being held in Valencia, Spain, this week, the first time the NamesCon branding has been applied to the old Domaining Europe show.

Starting Thursday, it’s a two-day conference — or three if you count the social events planned for Saturday — with a varied agenda focused on domain investors.

The keynote will be given by Akram Atallah, president of ICANN’s Global Domains Division, on a so-far unspecified topic.

There will be about 20 sessions in total, organized in a single track and covering topics such as valuation, monetization, drop-catching, web development and legal issues facing domainers.

Expect speakers from the likes of Donuts, Sedo, the new gTLDs .club and .global, and a bunch of companies I’ve never heard of (a fact I hope to rectify).

Staff from NamesCon owner GoDaddy also have a decent presence among the speakers.

Domaining Europe was sold to NamesCon earlier this year and there’s going to be a short “handover ceremony” at the end of the show, followed by a performance by a band whose lineup feature the conference’s new CEO.

I’ll be hosting a panel comprising Blacknight CEO Michele Neylon and German lawyer Thomas Rickert on the General Data Protection Regulation on Thursday just before lunch.

If you no longer wish me to tell you this, please click here. But if, as a domainer, you feel there are important GDPR issues that should be discussed at the session, feel free to leave a comment below or shoot me an email.

As usual with shows like this, a big part of the value is in the networking, and there’s plenty of opportunities for socializing scheduled, including a “Disco Party!” slated to end at 5am.

NamesCon Europe tickets are still available, priced now at €786.50 ($922).

Disclosure: I’m paying my own way to the show but have a complimentary press pass.

Sedo’s cunning GDPR workaround

Kevin Murphy, May 23, 2018, Domain Services

With full Whois records set to disappear from public view for most domain names this Friday, auction house Sedo has had to resort to some technical trickery to enable its users to prove they own the domains they list for sale.

Until now, when listing a domain at Sedo, the company has checked whether the Whois record matches the data it has on file for the customer.

With that no longer possible in many cases, Sedo told users yesterday it instead wants them make updates to their DNS records, which will obviously remain public data post-GDPR.

Sedo will give each customer a personal identification number, which they will have to add to the all-purpose TXT field of their domain’s DNS record.

That’s a fairly straightforward process at most registrars, though volume domainers had better hope their registrar of choice allows DNS changes to be made in bulk.

Sedo’s calling the process “Owner Self-Verification”.

Customers who do not use the system will have to wait three business days before their names are verified. Sedo said it will manually spot-check domains and may ask for other forms of proof of ownership.

UPDATE: Many thanks to all the people on Twitter telling me this system has been in place for years. You’re all very clever. Your cookies/cigars are in the mail.

NamesCon dumps the Trop, eyeing beaches for 2020

Kevin Murphy, May 14, 2018, Domain Services

GoDaddy-owned annual domain industry conference NamesCon has decided to ditch Las Vegas after its 2019 event.

The show is now looking for ideas for a new location close to a beach, according to a post on its web site.

The January event next year will be held at the Tropicana hotel on the Vegas strip, for the sixth year running, but NamesCon said:

if you have any city/venue suggestions you’d like to throw in the hat for NamesCon Global 2020, send them our way! Here’s a hint to steer you in the right direction: we’re looking to be leaving Las Vegas, and we’d love to sink our feet into a sandy beach somewhere…

The current industry thinking is either Florida or California.

The change comes following feedback from attendees at this year’s show, who seem to think the Trop is a little pokey (it is) with crappy food options (also true, particularly if you’re a picky eater like me).

On the other hand, the hotel is also cheap as chips, so NamesCon is looking for somewhere new that is just as affordable for 2020 and beyond.

NamesCon is promising to “send ourselves off in style” at the 2019 show, which runs January 27 to 30.

As a matter of disclosure, I’ve agreed to moderate a panel at sister event NamesCon Europe in Spain next month. I’m not being compensated beyond a complementary media pass.

Cybersquatting cases up because of .com

Kevin Murphy, March 23, 2018, Domain Services

The World Intellectual Property Organization handled cybersquatting cases covering almost a thousand extra domain names in 2017 over the previous year, but almost all of the growth came from complaints about .com names, according to the latest WIPO stats.

There were 3,074 UDRP cases filed with WIPO in 2017, up about 1.2% from the 3,036 cases heard in 2016, WIPO said in its annual roundup last week.

That’s slower growth than 2016, which saw a 10% increase in cases over the previous year.

But the number domains complained about in UDRP was up more sharply — 6,370 domains versus 5,374 in 2016.

WIPO graph

WIPO said that 12% of its 2017 cases covered domains registered in new gTLDs, down from 16% in 2016.

If you drill into its numbers, you see that 3,997 .com domains were complained about in 2017, up by 862 domains or 27% from the 3,135 seen in 2016.

.com accounted for 66% of UDRP’d domains in 2016 and 70% in 2017. The top four domains in WIPO’s table are all legacy gTLDs.

As usual when looking at stats for basically anything in the domain business in the last few years, the tumescent rise and meteoric fall of .xyz and .top have a lot to say about the numbers.

In 2016, they accounted for 321 and 153 of WIPO’s UDRP domains respectively, but they were down to 66 and 24 domains in 2017.

Instead, three Radix TLDs — .store, .site and .online — took the honors as the most complained-about new gTLDs, with 98, 79, and 74 domains respectively. Each of those three TLDs saw dozens more complained-about domains in 2017 than in 2016.

As usual, interpreting WIPO’s annual numbers requires caution for a number of reasons, among them: WIPO is not the only dispute resolution provider to handle UDRP cases, rises and falls in UDRP filings do not necessarily equate to rises and falls in cybersquatting, and comparisons between .com and new gTLDs do not take into account that new gTLDs also have the URS as an alternative dispute mechanism.

Donuts releases free TLD-neutral name-spinner

Kevin Murphy, January 24, 2018, Domain Services

Donuts has announced the release of a free name-spinner tool for registrars and resellers.

Relevant Name Search, found at rns.domains, isn’t a destination site in itself, but will be free for registrars to integrate into their storefronts.

The company said it’s been in beta testing with eNom, Dreamhost, Dynadot and Name.com, with eNom using it for over a year.

The service recalls something similar released by Verisign.

However, unlike the Verisign NameStudio tool, Donuts said RNS is “registry-neutral”, meaning it’s not designed to plug its own portfolio of TLDs over those from other registries.

I subjected the service to a quick, non-scientific test today and found the results much more semantically relevant than the Verisign tool, which only returns .com, .net and .cc results.

When I used NameStudio in November to search for “vodka”, my best offering was dogvodka.com. With RNS, I was offered the likes of vodka.bar, vodka.rocks, vodka.party, vodka.social and vodka.trade (all of which appear to carry premium pricing).

While Verisign offered me funattorney.com on a search for “attorney”, Donuts offered up attorney.lawyer, attorney.lgbt and attorney.blog.

RNS does not ignore legacy gTLDs, however. Doing a search for something a little more niche will bring up .com and .net domains, appropriately (in my view) ranked.

Search for “birmingham taxi” and you’ll get three relevant .limo domains (yeah, .limo exists, apparently) before birminghamtaxi.net.

Similarly, if you want to open up a pizza place in Cardiff, search for “cardiff pizza” and you’ll get offered cardiff.pizza, cardiffpizza.menu, cardiffpizza.restaurant, cardiffpizza.cafe and cardiffpizza.delivery before you get to cardiffpizza.com.

Many domain investors would say that the .com is unarguably the superior domain (it’s also unregistered and non-premium), but even those people would have to admit that the five more prominent suggestions have more semantic relevance.

Donuts said that RNS is configurable to take into account TLD-specific promotions, geography and marketing campaigns, and that it can be integrated with a single API call.

DomainTools scraps apps and APIs in war on spam

Kevin Murphy, January 22, 2018, Domain Services

DomainTools is to scrap at least five of its services as it tries to crack down spam.

It’s getting rids of its mobile apps, its APIs, and is to stop showing registrants’ personal information to unauthenticated users.

CEO Tim Chen told us in an email at the weekend:

The Android app is no longer supported.

The iOS app will no longer be supported after February 20th.

The Developer API is no longer supported.

On February 20th, the Bulk Parsed Whois tool available to Personal Members will no longer be supported.

On February 20th, our production Whois API will no longer be available to individual membership levels, an Enterprise relationships will be required.

It’s all part of an effort to make sure DomainTools services are not being abused by spammers, which has lead to a dispute with GoDaddy over bulk access to its registrants’ Whois data.

The longstanding problem of new registrants getting spammed with calls and emails offering web hosting and such has escalated over the last few years. Domain Name Wire detailed the scale of the abuse registrants can experience in a post last week.

While to my knowledge nobody has directly accused DomainTools of facilitating such abuse, the scrapped services are the ones that would be most useful to these spammers.

The company is also going to scale back what guest users can see when they do a Whois lookup, and is to make automated scraping of Whois records more difficult for paying members.

In a blog post, Chen wrote last week:

As of today, unauthenticated users of the DomainTools Whois Lookup tool will not see personally identifiable information for the registrant parsed out in the results, and will be required to submit a CAPTCHA to see the full raw domain name Whois record. Phone numbers in the parsed results have been replaced with image files, much the same way emails have always been rendered

As well as hoping to ease relations with GoDaddy — the source of a very heavy chunk of DomainTools’ data — the moves are also part of the company’s strategy for dealing with the incoming General Data Protection Regulation.

This is the EU law that gives registrants more control over the privacy of their personal data.

Chen told us earlier this month that DomainTools is keen to ensure its enterprise-level suite of security products, which he said are vital for security and intellectual property investigations, continue to operatie under the new regime.

About 80% of DomainTools’ revenue comes from its enterprise-level customers, over 500 companies.