Latest news of the domain name industry

Recent Posts

Looks like .music is finally on its way

The hard-fought battle for .music appears to be over.

I’m not yet in a position to tell you which of the eight applicants for the new gTLD has been successful, but I can tell you some of those who were not.

Two applicants have this week withdrawn their bids, an almost certain sign that the contention set has been privately settled.

The first applicant to ditch its bid was dot Music Ltd, an application vehicle of Domain Venture Partners (we used to call this outfit Famous Four Media, but that’s changed).

The other is .music LLC, also known as Far Further.

We can almost certainly expect all but one of the remaining applicants to withdraw their applications over the coming days.

Applicants typically sign NDAs when they settle contention privately, usually via an auction.

Far Further was one of two unsuccessful “community” applicants for .music. It had the backing of dozens of music trade groups, including the influential Recording Industry Association of America. Even Radiohead’s guitarist chipped in with his support.

Evidently, none of these groups were prepared to fund Far Further to the extent it could win the .music contention set.

The .music contention set has been held up by the continuing protestations of the other community applicant, DotMusic Limited, the company run by long-time .music cheerleader Constantinos Roussos.

After DotMusic lost its Community Priority Evaluation in 2016, on the basis that the “community” was pretty much illusory under ICANN rules, it started to complain that the process was unfair.

The applicant immediately filed a Request for Reconsideration with ICANN.

.music then found itself one of several proposed gTLDs frozen while ICANN conducted an outside review of alleged irregularities in the CPE process.

That review found no impropriety in early 2018, a verdict DotMusic’s lawyer dismissed as a “whitewash”.

It has since stalled the process several times with requests for information under ICANN’s Documentary Information Disclosure Policy, and more RfRs when those requests were denied.

But this series of appeals finally came to an end March 14, when ICANN’s board of directors finally ruled against DotMusic’s 2016 RfR.

That appears to have opened up the .music set for private resolution.

So who won? I don’t know yet, but the remaining applicants are: DotMusic itself, Google, Amazon, MMX, Donuts and Radix.

There are certainly two very deep-pocketed companies on that list. Could we be looking at Google or Amazon as the new proprietors of .music?

If either of those companies has won, prospective registrants might find they have a long wait before they can pick up a .music domain. Neither of these giants has a track record of rushing its new gTLDs to market.

If the victor is a conventional gTLD registry, we’d very probably be looking at a launch in 2019.

Radix sees revenue up 30%

Kevin Murphy, March 12, 2019, Domain Registries

New gTLD registry Radix said today that its revenue increased by 30% in 2018, largely due to an end-of-year boost.

The company, which runs nine gTLDs including .online and .site, said that gross revenue was $16.95 million last year.

It added that net profit was up 45.6%, but the privately held company does not actually disclose the dollar value of its bottom line.

Radix said that the fourth quarter of the year, which presumably saw the benefits of Operation September Thrust, was its strongest quarter.

The company said that 27% of its revenue came from standard-price new registrations and 60% from renewals.

Its premiums brought in $1.9 million, 56% of which were premium renewals.

Phishing still on the decline, despite Whois privacy

Kevin Murphy, March 5, 2019, Domain Policy

The number of detected phishing attacks almost halved last year, despite the fact that new Whois privacy rules have made it cheaper for attackers to hide their identities.

There were 138,328 attacks in the fourth quarter of 2018, according to the Anti-Phishing Working Group, down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.

That’s a huge decline from the start of the year, which does not seem to have been slowed up by the introduction in May of the General Data Protection Regulation and ICANN’s Temp Spec, which together force the redaction of most personal data from public Whois records.

The findings could be used by privacy advocates to demonstrate that Whois redaction has not lead to an increase in cybercrime, as their opponents had predicted.

But the data may be slightly misleading.

APWG notes that it can only count the attacks it can find, and that phishers are becoming increasingly sophisticated in how they attempt to avoid detection. The group said in a press release:

There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site.

It also speculates that criminals once involved in phishing may have moved on to “more specialized and lucrative forms of e-crime”.

The Q4 report (pdf) also breaks down phishing attacks by TLD, though comparisons here are difficult because APWG doesn’t always release this data.

The group found .com to still have the most phishing domains — 2,098 of the 4,485 unique domains used in attacks, or about 47%. According to Verisign’s own data, .com only has 40% market share of total registered domains.

But new, 2012-round gTLDs had phishing levels below their market share — 4.95% of phishing on a 6.83% share. This is actually up compared to the 3% recorded by APWG in Q3 2017, the most recent available data I could find.

Only two of the top 20 most-abused TLDs were new gTLDs — .xyz and .online, which had just 70 attack domains between them. That’s good news for .xyz, which in its early days saw 10 times as much phishing abuse.

After .com, the most-abused TLD was .pw, the ccTLD for Palau run by Radix as an unrestricted pseudo-gTLD. It had 374 attack domains in Q4, APWG said.

Other ccTLDs with relatively high numbers included several African zones run as freebies by Freenom, as well as the United Kingdom’s .uk and Brazil’s .br.

Phishing is only one form of cybercrime, of course, and ICANN’s own data shows that when you take into account spam, new gTLDs are actually hugely over-represented.

According to ICANN’s inaugural Domain Abuse Activity Reporting report (pdf), which covers January, over half of cybercrime domains are in the new gTLDs.

That’s almost entirely due to spam. One in 10 of the threats ICANN analyzed were spam, as identified by the likes of SpamHaus and SURBL. DAAR does not include ccTLD data.

The takeaway here appears to be that spammers love new gTLDs, but phishers are far less keen.

ICANN did not break down which gTLDs were the biggest offenders, but it did say that 52% of threats found in new gTLDs were found in just 10 new gTLDs.

This reluctance to name and shame the worst offenders prompted one APWG director, former ICANN senior security technologist Dave Piscitello, to harshly criticize his former employer in a personal blog post last month.

Operation September Thrust leads to another million-domain Radix gTLD

Kevin Murphy, February 4, 2019, Domain Registries

Radix has become the first new gTLD portfolio registry to hit over one million domains in more than one TLD.

It said today that .site has crossed the seven-digit threshold, joining .online, which hit a million names in 2018.

It’s huge recent growth for .site, which had around 561,000 domains under management at the end of September.

Radix CEO Sandeep Ramchandani told DI today that the rapid uptick comes as a result of a marketing program internally code-named “September Thrust”.

This involved promotional pricing — Ramchandani said the cheapest a .site could have been obtained would be about $0.99 — and joint-marketing efforts with multiple registrars.

This mostly involved plugs on registrar home pages, email shots, and promotion in the “check availability” part of registrar storefronts, he said.

The latest transaction reports filed with ICANN show .site grew by about 120,000 DUM in October, with West.cn, NameCheap and Network Solutions (Web.com) the biggest beneficiaries.

NetSol’s .site DUM actually grew by about 10x in the month.

The $1 retail pricing was apparently available at some registrars prior to September, and continues to exist on storefronts today.

NamesCon names con speakers

Kevin Murphy, January 7, 2019, Domain Services

With NamesCon’s swansong Las Vegas show just a few weeks away, its agenda and speaker list is well on the way to being finalized.

Organizers recently announced Bhavin Turakhia, Haseeb Tariq and Richard Lau as speakers.

Turakhia, founder of Radix and several registrars, is perhaps best-known for selling Media.net for $900 million and for being one of India’s richest entrepreneurs. His Monday keynote has the tagline “Insights and Inspiration”.

Tariq recently join Fox, but his bread-and-butter has been founding and selling tech startups and high-end domain names. He’s speaking on portfolio pricing strategies.

Overall, the agenda seems to be heavy on speakers from .GLOBAL and affiliated business intelligence service provider RegistryOffice, which are sponsoring the conference.

I won’t be attending, sadly, this year, but these other sessions caught my eye on the agenda:

  • Akram Atallah is part of a panel discussion on data analysis on Tuesday. I believe it’s his first speaking engagement since leaving ICANN’s top brass to become Donuts CEO in mid-November. He’s outnumbered by the .GLOBAL/RegistryOffice posse, so if he has anything interesting to say it may be lost in the sales pitches. Turakhia is also on the panel.
  • Andrew Allemann (Domain Name Wire), Elliot Noss (Tucows) and Zak Muscovitch (Internet Commerce Association) are spending an hour discussing the forthcoming .com price increases after lunch on Tuesday. With no Verisign rep on stage, I’m not sure how balanced the discussion will be, but all three men are engaging speakers and the session may be worth a look.
  • Sessions on emerging technologies include a discussion of Domain Connect with speakers from GoDaddy, WP Engine and Microsoft, and a solo talk on the intersection of blockchain and DNS fromm MMX CEO Toby Hall.
  • Allemann is also hosting a yet-to-be-announced panel of domainers who chose to invest in new gTLDs, entitled “What Were They Thinking?” which may be worth a look-see.

NamesCon runs from Sunday January 26 to Wednesday January 30. Standard ticket prices are $999 or $1,349 for the VIP treatment, though I believe discounts are still available for pre-orders.

It’s the conference’s final year at the cheap-and-cheerful Tropicana hotel in Las Vegas. The organization announced last year that NamesCon Global, its annual North American event, would be moving cities.

While many regular attendees seem to think somewhere warm would be preferable — Florida or California, perhaps — I’ve also heard whispers that a Canadian relocation has not been ruled out.

Canada. In January. Time to buy shares in manufacturers of tuques, perhaps?