Latest news of the domain name industry

Recent Posts

.music update: I’m calling it for Costa

Kevin Murphy, April 10, 2019, Domain Registries

Amazon has pulled out of the fight for the .music gTLD, and I’m ready to call the race.

In full knowledge that this could be my “Dewey Defeats Truman” moment, it seems to me the balance of evidence right now is strongly pointing to a win for DotMusic over sole remaining rival bidder MMX.

The contention set originally had eight applicants, but six — Google, Donuts, Radix, Far Further, Domain Venture Partners and last night Amazon — have withdrawn over the last week or so.

This is a sure sign that the battle is over, and that the rights to .music have been auctioned off.

The two remaining applicants yet to withdraw are DotMusic Ltd, the Cyprus-based company founded and managed by music enthusiast and entrepreneur Constantinos Roussos, and Entertainment Names Inc, a joint venture managed by MMX (aka Minds + Machines).

One of them will withdraw its application soon, and my money’s on MMX.

Neither company will talk to me about the result.

But, as I observed Monday, DotMusic has recently substantially revamped its web site, and appears to be accepting “pre-registrations” for .music domains. These are not the actions of a loser.

MMX, on the other hand, has never shared Roussos’ public enthusiasm for .music and has never been particularly enthusiastic about winning private gTLD auctions, usually preferring instead to enjoy the proceeds of losing.

There are only two wildcard factors at play here that may soon make me look foolish.

First, the joint venture partner for Entertainment Names is an unknown quantity. Its two directors, listed in its .music application, are a pair of Hollywood entertainment lawyers with no previous strong connection to the ICANN ecosystem. I’ve no idea what their agenda is.

Second, MMX did not mention .music once in the “Post Period Highlights” of its recently filed 2018 financial results statement. It did mention the resolution of the .gay and .cpa contention sets, but not .music.

That filing came out April 3, at least a few days after the contention set had been won, but I’m assuming that the tight timing and/or non-disclosure agreements are probably to blame for the lack of a mention for .music.

So, on balance, I’m calling it for Roussos.

With a bit of luck we’ll have confirmation and maybe a bit of detail about potential launch dates before the week is out.

Did Roussos pull off the impossible? Google, Donuts, Radix all drop out of .music race

Google won’t be the registry for the .music gTLD.

The company, along with pure-play registries Donuts and Radix, late last week withdrew their respective applications from the .music contention set, leaving just three possible winners in the running.

Those are Amazon, MMX, and DotMusic, the company run by long-time .music fanboy Constantinos Roussos.

As I blogged last week, applications from Domain Venture Partners and Far Further have also been withdrawn.

I suspect, but do not know for a fact, that the contention was settled with a private deal, likely an auction, recently.

The logical guess for a winner would be Amazon, if only because of the nexus of its business to the music industry and the amount of money it could throw at an auction.

But I’m beginning to suspect that DotMusic might have prevailed.

The company appears to have recently revamped its web site, almost as if it’s gearing up for a launch.

Comparing the current version of music.us to versions in Google’s cache, it appears that the site has been recently given a new look, new copy and even a new logo.

It’s even added a prominent header link inviting prospective resellers to sign up, using a form that also appears to have been added in the last few weeks.

These changes all seem to have been made after the crucial ICANN vote that threw out the last of DotMusic’s appeals, March 14.

Are those the actions of an applicant resigned to defeat, or has Roussos pulled off the apparently impossible, defeating two of the internet’s biggest companies to one of the industry’s most coveted and controversial strings?

Participants in gTLD auctions typically sign NDAs, so we’re going to have to wait a bit longer (probably no more than a few days) to find out which of the remaining three applicants actually won.

Looks like .music is finally on its way

The hard-fought battle for .music appears to be over.

I’m not yet in a position to tell you which of the eight applicants for the new gTLD has been successful, but I can tell you some of those who were not.

Two applicants have this week withdrawn their bids, an almost certain sign that the contention set has been privately settled.

The first applicant to ditch its bid was dot Music Ltd, an application vehicle of Domain Venture Partners (we used to call this outfit Famous Four Media, but that’s changed).

The other is .music LLC, also known as Far Further.

We can almost certainly expect all but one of the remaining applicants to withdraw their applications over the coming days.

Applicants typically sign NDAs when they settle contention privately, usually via an auction.

Far Further was one of two unsuccessful “community” applicants for .music. It had the backing of dozens of music trade groups, including the influential Recording Industry Association of America. Even Radiohead’s guitarist chipped in with his support.

Evidently, none of these groups were prepared to fund Far Further to the extent it could win the .music contention set.

The .music contention set has been held up by the continuing protestations of the other community applicant, DotMusic Limited, the company run by long-time .music cheerleader Constantinos Roussos.

After DotMusic lost its Community Priority Evaluation in 2016, on the basis that the “community” was pretty much illusory under ICANN rules, it started to complain that the process was unfair.

The applicant immediately filed a Request for Reconsideration with ICANN.

.music then found itself one of several proposed gTLDs frozen while ICANN conducted an outside review of alleged irregularities in the CPE process.

That review found no impropriety in early 2018, a verdict DotMusic’s lawyer dismissed as a “whitewash”.

It has since stalled the process several times with requests for information under ICANN’s Documentary Information Disclosure Policy, and more RfRs when those requests were denied.

But this series of appeals finally came to an end March 14, when ICANN’s board of directors finally ruled against DotMusic’s 2016 RfR.

That appears to have opened up the .music set for private resolution.

So who won? I don’t know yet, but the remaining applicants are: DotMusic itself, Google, Amazon, MMX, Donuts and Radix.

There are certainly two very deep-pocketed companies on that list. Could we be looking at Google or Amazon as the new proprietors of .music?

If either of those companies has won, prospective registrants might find they have a long wait before they can pick up a .music domain. Neither of these giants has a track record of rushing its new gTLDs to market.

If the victor is a conventional gTLD registry, we’d very probably be looking at a launch in 2019.

Radix sees revenue up 30%

Kevin Murphy, March 12, 2019, Domain Registries

New gTLD registry Radix said today that its revenue increased by 30% in 2018, largely due to an end-of-year boost.

The company, which runs nine gTLDs including .online and .site, said that gross revenue was $16.95 million last year.

It added that net profit was up 45.6%, but the privately held company does not actually disclose the dollar value of its bottom line.

Radix said that the fourth quarter of the year, which presumably saw the benefits of Operation September Thrust, was its strongest quarter.

The company said that 27% of its revenue came from standard-price new registrations and 60% from renewals.

Its premiums brought in $1.9 million, 56% of which were premium renewals.

Phishing still on the decline, despite Whois privacy

Kevin Murphy, March 5, 2019, Domain Policy

The number of detected phishing attacks almost halved last year, despite the fact that new Whois privacy rules have made it cheaper for attackers to hide their identities.

There were 138,328 attacks in the fourth quarter of 2018, according to the Anti-Phishing Working Group, down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.

That’s a huge decline from the start of the year, which does not seem to have been slowed up by the introduction in May of the General Data Protection Regulation and ICANN’s Temp Spec, which together force the redaction of most personal data from public Whois records.

The findings could be used by privacy advocates to demonstrate that Whois redaction has not lead to an increase in cybercrime, as their opponents had predicted.

But the data may be slightly misleading.

APWG notes that it can only count the attacks it can find, and that phishers are becoming increasingly sophisticated in how they attempt to avoid detection. The group said in a press release:

There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site.

It also speculates that criminals once involved in phishing may have moved on to “more specialized and lucrative forms of e-crime”.

The Q4 report (pdf) also breaks down phishing attacks by TLD, though comparisons here are difficult because APWG doesn’t always release this data.

The group found .com to still have the most phishing domains — 2,098 of the 4,485 unique domains used in attacks, or about 47%. According to Verisign’s own data, .com only has 40% market share of total registered domains.

But new, 2012-round gTLDs had phishing levels below their market share — 4.95% of phishing on a 6.83% share. This is actually up compared to the 3% recorded by APWG in Q3 2017, the most recent available data I could find.

Only two of the top 20 most-abused TLDs were new gTLDs — .xyz and .online, which had just 70 attack domains between them. That’s good news for .xyz, which in its early days saw 10 times as much phishing abuse.

After .com, the most-abused TLD was .pw, the ccTLD for Palau run by Radix as an unrestricted pseudo-gTLD. It had 374 attack domains in Q4, APWG said.

Other ccTLDs with relatively high numbers included several African zones run as freebies by Freenom, as well as the United Kingdom’s .uk and Brazil’s .br.

Phishing is only one form of cybercrime, of course, and ICANN’s own data shows that when you take into account spam, new gTLDs are actually hugely over-represented.

According to ICANN’s inaugural Domain Abuse Activity Reporting report (pdf), which covers January, over half of cybercrime domains are in the new gTLDs.

That’s almost entirely due to spam. One in 10 of the threats ICANN analyzed were spam, as identified by the likes of SpamHaus and SURBL. DAAR does not include ccTLD data.

The takeaway here appears to be that spammers love new gTLDs, but phishers are far less keen.

ICANN did not break down which gTLDs were the biggest offenders, but it did say that 52% of threats found in new gTLDs were found in just 10 new gTLDs.

This reluctance to name and shame the worst offenders prompted one APWG director, former ICANN senior security technologist Dave Piscitello, to harshly criticize his former employer in a personal blog post last month.

Operation September Thrust leads to another million-domain Radix gTLD

Kevin Murphy, February 4, 2019, Domain Registries

Radix has become the first new gTLD portfolio registry to hit over one million domains in more than one TLD.

It said today that .site has crossed the seven-digit threshold, joining .online, which hit a million names in 2018.

It’s huge recent growth for .site, which had around 561,000 domains under management at the end of September.

Radix CEO Sandeep Ramchandani told DI today that the rapid uptick comes as a result of a marketing program internally code-named “September Thrust”.

This involved promotional pricing — Ramchandani said the cheapest a .site could have been obtained would be about $0.99 — and joint-marketing efforts with multiple registrars.

This mostly involved plugs on registrar home pages, email shots, and promotion in the “check availability” part of registrar storefronts, he said.

The latest transaction reports filed with ICANN show .site grew by about 120,000 DUM in October, with West.cn, NameCheap and Network Solutions (Web.com) the biggest beneficiaries.

NetSol’s .site DUM actually grew by about 10x in the month.

The $1 retail pricing was apparently available at some registrars prior to September, and continues to exist on storefronts today.

NamesCon names con speakers

Kevin Murphy, January 7, 2019, Domain Services

With NamesCon’s swansong Las Vegas show just a few weeks away, its agenda and speaker list is well on the way to being finalized.

Organizers recently announced Bhavin Turakhia, Haseeb Tariq and Richard Lau as speakers.

Turakhia, founder of Radix and several registrars, is perhaps best-known for selling Media.net for $900 million and for being one of India’s richest entrepreneurs. His Monday keynote has the tagline “Insights and Inspiration”.

Tariq recently join Fox, but his bread-and-butter has been founding and selling tech startups and high-end domain names. He’s speaking on portfolio pricing strategies.

Overall, the agenda seems to be heavy on speakers from .GLOBAL and affiliated business intelligence service provider RegistryOffice, which are sponsoring the conference.

I won’t be attending, sadly, this year, but these other sessions caught my eye on the agenda:

  • Akram Atallah is part of a panel discussion on data analysis on Tuesday. I believe it’s his first speaking engagement since leaving ICANN’s top brass to become Donuts CEO in mid-November. He’s outnumbered by the .GLOBAL/RegistryOffice posse, so if he has anything interesting to say it may be lost in the sales pitches. Turakhia is also on the panel.
  • Andrew Allemann (Domain Name Wire), Elliot Noss (Tucows) and Zak Muscovitch (Internet Commerce Association) are spending an hour discussing the forthcoming .com price increases after lunch on Tuesday. With no Verisign rep on stage, I’m not sure how balanced the discussion will be, but all three men are engaging speakers and the session may be worth a look.
  • Sessions on emerging technologies include a discussion of Domain Connect with speakers from GoDaddy, WP Engine and Microsoft, and a solo talk on the intersection of blockchain and DNS fromm MMX CEO Toby Hall.
  • Allemann is also hosting a yet-to-be-announced panel of domainers who chose to invest in new gTLDs, entitled “What Were They Thinking?” which may be worth a look-see.

NamesCon runs from Sunday January 26 to Wednesday January 30. Standard ticket prices are $999 or $1,349 for the VIP treatment, though I believe discounts are still available for pre-orders.

It’s the conference’s final year at the cheap-and-cheerful Tropicana hotel in Las Vegas. The organization announced last year that NamesCon Global, its annual North American event, would be moving cities.

While many regular attendees seem to think somewhere warm would be preferable — Florida or California, perhaps — I’ve also heard whispers that a Canadian relocation has not been ruled out.

Canada. In January. Time to buy shares in manufacturers of tuques, perhaps?

Radix now has China approval for whole TLD stable

Kevin Murphy, January 3, 2019, Domain Services

Radix’s entire portfolio of new gTLDs is now approved for sale and use in China, according to the company.

The company said today that .host, .press, .space and .website recently received the nod from the Ministry of Industry and Information Technology, which regulates the domain name space in China.

.fun, .site, .online, .tech and .store have all previously received approval.

Across the three-million-domain portfolio, over 700,000 are registered in China, according to Radix.

It saw growth in China over over 30% in 2018 in terms of new domain adds, the company said in a press release.

CEO Sandeep Ramchandani said that Radix has partnered with local registrar Xinnet to give free domains to university students to “host their academic projects and business prototypes.”

Verisign says Afilias tried to “rig” $135 million .web auction

Kevin Murphy, December 17, 2018, Domain Services

Verisign has jumped back into the fight for the .web gTLD, all guns blazing, with a claim that Afilias offered millions in an attempt to “rig” a private auction for the string.

The .com behemoth accused Afilias last week of “collusive and anti-competitive efforts to rig the [.web] auction in its favor”.

It claims that Afilias offered rival bidder — and secret Verisign stooge — Nu Dot Co up to $17 million if it would participate in a private auction, and then tried to contact NDC during the auction’s “Blackout Period”.

The claims came in an amicus brief (pdf) filed by Verisign as part of Afilias’ Independent Review Process proceeding against ICANN.

The IRP is Afilias’ attempt to overturn the result of the July 2016 .web auction, in which NDC paid ICANN $135 million of Verisign’s money in exchange for the exclusive rights to .web

While neither Verisign nor NDC are parties to the IRP, they’re both attempting to become amicus curiae — “friends of the court” — giving them the right to provide evidence and arguments to the IRP panel.

Verisign argues that its rights would be seriously impacted by the proceeding — Afilias is looking for an emergency ruling preventing .web being delegated — because it won’t be able to bring .web to market.

But it’s also attempting to have the IRP thrown out altogether, on the basis of claims that Afilias broke the auction rules and has “unclean hands”.

Verisign’s brief states:

Afilias and other bidders proposed that a private auction be performed pursuant to collusive and potentially illegal terms about who could win and who would lose the auction, including guarantees of auction proceeds to certain losers of the auction.

NDC CFO Jose Rasco provides as evidence screenshots (pdf) of a text-message conversation he had with Afilias VP of sales Steve Heflin on June 7, 2016, in which Heflin attempts to persuade NDC to go to a private auction.

Every other member of the contention set at that point had agreed to a private auction, in which the winning bid would be shared out among the losers.

NDC was refusing to play along, because it had long ago secretly agreed to bid on behalf of Verisign, and was forcing a last-resort ICANN auction in which ICANN would receive the full sum of the winning bid. 

In that SMS conversation, Heflin says: “Can’t give up…how about I guarantee you score at least 16 mil if you go to private auction and lose?” followed by three money-bag emojis that I refuse to quote here on general principle.

Rasco responds with an offer to sell Afilias the .health gTLD, then just weeks away from launch, for $25 million.

Heflin ignores the offer and ups his .web offer to $17.02 million.

Given that it was a contention set of seven applicants, that suggests Afilias reckoned .web was going to sell for at least $100 million.

Verisign claims: “Afilias’s offers to ‘guarantee’ the amount of a payment to NDC as a losing bidder are an explicit offer to pay off NDC to not compete with Afilias in bidding on .web.”

Rasco also provides evidence that Schlund, another .web applicant, attempted to persuade NDC to join what it called an “Alternative Private Auction”.

This process would have divided bidders into “strong” and “weak” categories, with “strong” losing bidders walking away with a greater portion of the winning bid than the “weak” ones.

Verisign and NDC also claims that Afilias broke ICANN’s auction rules when VP John Kane texted Rasco to say: “If ICANN delays the auction next week would you again consider a private auction?”

That text was received July 22, four days before the auction and one day into the so-called “Blackout Period”, during which ICANN auction rules (pdf)  prohibit bidders from “cooperating or collaborating” with each other.

At that time, .web applicants Schlund and Radix already suspected Verisign was bankrolling NDC, and they were trying to get the auction delayed.

According to Verisign, Kane’s text means Afilias violated the Blackout rules and therefore it should lose its .web application entirely.  

The fact that these rules proscribe “collaborating” during the Blackout suggests that collaborating at other times was actually envisaged, which in turn suggests that Heflin’s texts may not be as naughty as Verisign claims.

Anyway, I think it’s fair to say the gloves, were they ever on, have come off.

Weighing in at over 1,000 pages, the combined amicus briefs and attached exhibits reveal some interesting additional facts that I don’t believe were in the public domain before now and may be worth noting here.

The Verisign filing reveals, I believe for the first time, that the final Verisign bid for .web was $142 million. It only paid $135 million because that was runner-up Afilias’ final bid.

It also reveals that Verisign and NDC signed their “executory agreement” — basically, NDC’s promise to sign over .web if Verisign bankrolled its bid — in August 2015, nearly a year before the auction took place. NDC evidently kept its secret for a long time before rivals got suspicious.

The IRP panelist is scheduled to rule on Afilias’ request for a “stay of all ICANN actions that further the delegation of the .WEB gTLD” on January 28.

Cybersquatting cases up because of .com

Kevin Murphy, March 23, 2018, Domain Services

The World Intellectual Property Organization handled cybersquatting cases covering almost a thousand extra domain names in 2017 over the previous year, but almost all of the growth came from complaints about .com names, according to the latest WIPO stats.

There were 3,074 UDRP cases filed with WIPO in 2017, up about 1.2% from the 3,036 cases heard in 2016, WIPO said in its annual roundup last week.

That’s slower growth than 2016, which saw a 10% increase in cases over the previous year.

But the number domains complained about in UDRP was up more sharply — 6,370 domains versus 5,374 in 2016.

WIPO graph

WIPO said that 12% of its 2017 cases covered domains registered in new gTLDs, down from 16% in 2016.

If you drill into its numbers, you see that 3,997 .com domains were complained about in 2017, up by 862 domains or 27% from the 3,135 seen in 2016.

.com accounted for 66% of UDRP’d domains in 2016 and 70% in 2017. The top four domains in WIPO’s table are all legacy gTLDs.

As usual when looking at stats for basically anything in the domain business in the last few years, the tumescent rise and meteoric fall of .xyz and .top have a lot to say about the numbers.

In 2016, they accounted for 321 and 153 of WIPO’s UDRP domains respectively, but they were down to 66 and 24 domains in 2017.

Instead, three Radix TLDs — .store, .site and .online — took the honors as the most complained-about new gTLDs, with 98, 79, and 74 domains respectively. Each of those three TLDs saw dozens more complained-about domains in 2017 than in 2016.

As usual, interpreting WIPO’s annual numbers requires caution for a number of reasons, among them: WIPO is not the only dispute resolution provider to handle UDRP cases, rises and falls in UDRP filings do not necessarily equate to rises and falls in cybersquatting, and comparisons between .com and new gTLDs do not take into account that new gTLDs also have the URS as an alternative dispute mechanism.