Latest news of the domain name industry

Recent Posts

Donuts acquisition of Afilias closes, integration work begins

Kevin Murphy, January 4, 2021, Domain Registries

Donuts’ acquisition of Afilias closed without incident on December 29, the companies announced last week.

The registries said that registrants and registrar partners should not see any immediate disruption, but added that it’s now working on an integration plan that should see some changes over the longer term.

“Our combined teams can now begin developing an integration plan, with a goal of minimizing disruption to those we serve,” Akram Atallah, Donuts’ CEO, said in a press release. “We expect no changes in the short term, and ample notice on any changes that are decided.”

Atallah has previously told DI that it’s likely that Afilias’ owned and operated TLDs will likely be transferred to Donuts’ registry back-end, which is hosted on the Amazon cloud.

He also said that services such as the Domain Protected Marks List, currently available in 240+ Donuts gTLDs, should soon become available in Afilias’ 20-odd.

The deal, for an undisclosed sum, was subject to scrutiny by ICANN, which could have blocked it, but its board of directors considered the merger last month with no resolution passed.

Comment Tagged: , , ,

GoDaddy pranks employees with “insensitive” phishing test

Kevin Murphy, December 28, 2020, Domain Registrars

GoDaddy has apologized to its staff after teasing them with a $650 Christmas bonus that turned out to be nothing but a test of whether they could be duped into handing over their sensitive personal info.

Employees worldwide reportedly received emails promising the bonus December 14 from an official-looking but presumably spoofed address.

Those who clicked through and filled out a form with their personal data received a second email a few days later informing them they’d actually just failed a “phishing test” and would “need to retake the Security Awareness Social Engineering training.”

Around 500 staff reportedly failed the test.

But many were pissed off that the company would dangle a bonus, only to snatch it away, just a week before Christmas and at a time when the coronavirus pandemic has caused many to fear for their livelihoods.

While GoDaddy rode out the pandemic just fine, it laid off hundreds, regardless.

After the prank last week attracted media attention, the company apologized to its employees, saying in a statement sent to the AFP:

GoDaddy takes the security of our platform extremely seriously. We understand some employees were upset by the phishing attempt and felt it was insensitive, for which we have apologised. While the test mimicked real attempts in play today, we need to do better and be more sensitive to our employees.

I sincerely hope nobody spent their illusory $650 in the days before the test was revealed.

Comment Tagged: , , ,

US sneaks public Whois demands into pandemic relief bill

Kevin Murphy, December 28, 2020, Domain Policy

Outgoing US president Donald Trump has signed into law a coronavirus relief bill and spending package that contains a surprise instruction for the government to pursue open access to Whois records.

The Consolidated Appropriations Act of 2021 is focused on federal spending for fiscal 2021, with billions set aside for pandemic-related economic stimulus. It’s the bill you may recall Trump refused to sign for several days on the purported basis that it only provided Americans with a piddling $600 check.

An accompanying document contains encouragement for the National Telecommunications and Information Administration to “to require registrars and registries based in the United States to collect and make public accurate domain name registration information”.

It also asks the NTIA to continue to work within ICANN’s Governmental Advisory Committee to help create “a global access model that provides law enforcement, intellectual property rights holders, and third parties with timely access to accurate domain name registration information”.

The text can be found in a joint explanatory statement (pdf) accompanying the act. It’s not on the statute books as such, but it does tell NTIA how to spend the money it’s been allocated.

The full text relevant to the domain name industry reads:

NTIA is directed, through its position within the Governmental Advisory Committee o work with I CANN to expedite the establishment of a global access model that provides law enforcement, intellectual property rights holders, and third parties with timely access to accurate domain name registration information for legitimate purposes. NTIA is encouraged, as appropriate, to require registrars and registries based in the United States to collect and make public accurate domain name registration information.

As ICANN notes in its analysis, the first sentence is not telling NTIA to do anything it hasn’t been doing since the European Union’s General Data Protection Regulation came into effect two and a half years ago.

The NTIA and GAC have been involved in efforts to create a privacy workaround for rights holders and law enforcement, which in September came up with the widely panned SSAD proposals. ICANN is currently pleading with the EU for clarity on whether it would even be legal.

The second sentence is perhaps a bit more worrying, dangling as it does the possibility of American registries and registrars having to either break EU law or implement a much more complex Whois infrastructure.

But, as ICANN notes, the words “encouraged, as appropriate” are doing a lot of heavy lifting in that sentence, saying “encouragement is aspirational; it is not a mandate”.

However, ICANN appears to be treating it as a warning shot, with head of compliance Jamie Hedlund writing:

It appears to hint that if NTIA and the ICANN community can’t develop a robust access model, Congress could entertain more forceful measures that would impose requirements on U.S.-based registries and registrars to collect and publish domain name registration information.

It seems the NTIA has the wink to cause mischief, should ICANN not deliver what intellectual property lobbyists want.

Comment Tagged: , , , , , , ,

Verisign drops half a mill on pandemic relief

Kevin Murphy, December 28, 2020, Domain Registries

Verisign has donated over half a million dollars to pandemic-related causes, the company announced last week.

The donations are aimed at relieving economic side-effects of the pandemic such as food poverty and unemployment.

The .com registry operator said in a blog post it has given $275,000 to food banks in Washington DC, Maryland, Virginia, and Delaware where most of its US operations are based, and in Fribourg, Switzerland, its European HQ.

It’s also given $250,000 to Virginia Cares, an initiative dedicated to retraining unemployed Virginians for in-demand jobs in the tech sector.

Verisign was of course an inadvertent beneficiary of the pandemic, as lockdown regimes worldwide led to a boost in domain registrations as businesses such as bars and cafes moved online.

Comment Tagged: , , , ,

Mixed messages from ICANN on pandemic travel in 2021

Kevin Murphy, December 22, 2020, Domain Policy

ICANN still hasn’t formally cancelled its public meeting in Cancun, Mexico next March, but it appears to be planning for scheduled in-person gatherings to not resume until the fourth quarter of next year.

While nobody in their right mind seems to believe ICANN 70 will go ahead anywhere other than virtually — and ICANN’s top brass acknowledged in October that a face-to-face community forum appeared highly unlikely — the Org has still not announced that it will be the fourth consecutive meeting to be held via Zoom.

But two recently published documents show that ICANN doesn’t see travel getting back to normal any time soon, though its expected timing is ambiguous.

First, the proposed budget for fiscal 2022, which was published on Friday, envisages pandemic-related travel restrictions for only “the first nine months” of its current FY21, which ends June 30 next year.

That means that ICANN, at least in its travel budget, still thinks there’s a chance that international travel may be an option as early as April next year. Its travel budget for this year is $4.7 million, which certainly suggests one normal public meeting.

That would rule out Cancun, but leaves open the possibility that June 14-17 public meeting in The Hague could actually go ahead.

The budget also assumes a normal level of travel spending for the whole of FY22, which would mean ICANN 72 in Seattle — a mere domestic flight for most ICANN staff and a good portion of the domain industry — would also take place in-person next October.

But a resolution passed by the ICANN board of directors last Thursday appears to have a more pessimistic outlook.

The board at that meeting approved the continuation of contingency plans for signing the cryptographic keys at the root of the DNS that would eliminate the need for travel until the fourth quarter of calendar 2021.

Normal, quarterly root Key-Signing Key ceremonies require a small number of trusted “secret key holders” to be flown from around the world into facilities in the US, carrying physical keys, to ensure the integrity of the process.

But those rules were tweaked under coronavirus lockdown last April to allow IANA employees to sub in for these key-holders.

Understanding that the pandemic wasn’t going away any time soon, but perhaps with hindsight on the optimistic side, the KSK ceremony in April generated three quarters’ worth of keys in advance, enabling root DNSSEC until the end of March 2021.

Last Thursday, the ICANN board resolved to again bulk-generate keys during its next ceremony, to be held some time in the first quarter. The plan states:

The coronavirus pandemic is expected to continue to significantly impact operations well into 2021. To limit the impact on the ability to hold quarterly key ceremonies, the plan again provides for generating signatures for an extended nine-month period. This relieves the need to hold a subsequent key signing ceremony until the fourth quarter of 2021.

So, while the proposed budget thinks travel could return to normal by April, the KSK plans are thinking October could be the best-case scenario.

Vaccines appear to be the key, as you might expect:

Staff will continue to monitor the pandemic and prepare for all possible scenarios for this ceremony in accordance with the graduated approach. Should widespread vaccination programs prove to be successful, and international travel limitations be relaxed, it is conceivable a late-2021 ceremony could be conducted in its normal format with international in-person participation.

I’m going to go out on a limb and suggest that the chances of a normal in-person ICANN meeting going ahead before Seattle are pretty slim.

For vaccination programs to be successful, we’re going to need a combination of competent governments capable of handling an unprecedented logistical challenge and a largely sane, rationale populace willing to go under the needle en masse. I’m afraid I don’t have that much faith in humanity.

Even if everything goes smoothly, we’re still looking at the vaccine rollout taking a long time indeed. I live in the UK, the first country to roll out vaccinations at scale, and I don’t anticipate getting the jab for six months or more.

An unofficial calculator tool estimates that a middle-aged Brit with no diagnosed preexisting conditions cannot reasonably expect to get a vaccine until July 2021, assuming the UK manages to quickly ramp up to one million vaccinations per week and 70% of those eligible choose to take the shot.

If that’s true elsewhere in the world, and vaccination becomes a passport to travel, then any hypothetical June face-to-face ICANN meeting could resemble a senior care home or retirement village even more than usual.

Not so much Club Med as a Saga Holiday.

And none of this takes into account the potential impact of the super-spreadable new coronavirus strain discovered to be hugely prevalent in the UK last week.

While it’s early days, it seems there’s a significant possibility that what I’m calling the limeyvirus (because what goes better with Corona than lime?) is going to significantly impact travel worldwide in the coming months.

Comment Tagged: , , , , , , , , , ,

ICANN predicts rosy post-pandemic domain industry — time to start panicking?

Kevin Murphy, December 21, 2020, Domain Policy

Having totally misjudged the impact of the coronavirus pandemic on the domain name industry and its own budget, ICANN is now forecasting a rosy (post-pandemic?) fiscal 2022.

The Org has just published its proposed budget for the 12 months beginning July 1, 2021, predicting decent growth in transactions for new and legacy gTLDs, along with a modest increase in new registrars.

It’s also predicting that international travel will be back to normal, with three full in-person public meetings going ahead as usual.

ICANN is planning to receive $144.4 million in FY22, up slightly from the $140 million it expects to receive in the current financial year.

The FY22 number is boosted by a $4 million bung from Verisign, negotiated as part of the .com contract renewal, which lifted the price freeze.

It’s predicting a 3% increase in legacy gTLD registry transaction fees to $52.8 million and a 6% increase in legacy gTLD registry transaction fees to $5.1 million.

Registrar transaction fees for legacy gTLDs is expected to be up 4% to $33.4 million, with registrar fees for new gTLDs is predicted to rise 5% to $4.2 million.

Altogether, that’s $3 million extra in transaction fees — paid whenever a domain is registered, renewed or transferred — compared to its expected FY21 performance.

But that’s offset by a $600,000 predicted decline in fixed registry fees, due to an expected loss of 15 new gTLD registries (most likely dormant dot-brands) in the period. It expects to end the year with 1,141 fee-paying registries.

ICANN expects its pool of accredited registrars to bounce back a little, adding 28 in FY22 having lost an expected 121 in FY21. It expects to end FY22 with 2,356 registrars on its books.

The proposed budget also sheds light on how ICANN expects the remainder of coronavirus-afflicted FY21 playing out.

It currently expects its top line for the year to June 30, 2021 to be $140 million, compared to the $129.3 million it predicted in the FY21 budget approved in May this year.

But that budget had been slashed in April by 8% from its original draft, published a year ago. It had planned for $140.4 million, but reduced expectations by $11.1 million due to the coronavirus pandemic.

In April, before the extent of the lockdown bump experienced by many registries and registrars became clear, ICANN said:

ICANN org funding may be impacted because the economic crisis stemming from the pandemic has the potential to impact the funding from domain name registrations and contracted parties through the end of FY20 and into the first months of FY21.

Today, it’s saying the impact from coronavirus was “less than expected” and generally forecasting “stable” and more or less business as usual in FY22.

ICANN had budgeted for $85.5 million in transaction fees from all sources in the current year, but now it expects that to come in at $92.6 million, much closer to its December 2019 estimate of $94.7 million.

It had expected to see transaction fees from new gTLDs at both registry and registrar levels to be down by a third, at $8 million, but that number’s now expected to come in at $8.9 million. Likewise, the budget predicted a legacy gTLDs dip of 2.3% to $77.5 million, rather than the $86.2 million it now thinks is heading its way.

I should probably point out for future reference that the proposed budget for FY22 was published Friday, the day before the new strain of ultra-infectious coronavirus was discovered in the UK. Who knows what the impact of that might be.

The budget is open for public comment for two months here.

1 Comment Tagged: , , , ,

DI World Global International Headquarters is relocating

Kevin Murphy, December 18, 2020, Gossip

After 10 years based in London, DI Global World International HQ is moving.

Any client, partner, friend or contact who currently has a London mailing address for DIWIGHQ in their Rolodex or database should probably delete that address forthwith.

Anything currently in the mail or sent over the next few weeks will probably find its way to my inbox eventually, but after that all bets are off.

A new location for the International Global World HQ it still TBD.

The current plan is to bubble up with family for several months, riding out the worst of the pandemic, before picking a more permanent home when travel restrictions loosen up some.

If you need an address to post something to in the meantime, ask me privately.

As an aside, one surprising thing I’ve discovered about myself while packing up the old HQ over the last few days is that I’ve apparently been a secret hoarder this whole time.

I don’t believe I’ve thrown away a single piece of schwag from ICANN meetings or industry conferences for over a decade.

T-shirts, backpacks, stickers, torches, magnets, badges, pins, buttons, pens, pencils, notebooks, webcam covers, mints, gum, hand sanitizer, USB gizmos, flight socks, maple syrup, wine, reams and reams of slick promotional bosh…

With hindsight, I should have bundled it all up and sold the lot to a gullible industry fanboy via a seasonal charity auction.

But by now it’s all already rotting at the bottom of an East London landfill, and the poor old orphaned donkeys will just have to starve.

2 Comments Tagged:

ICANN throws the book at Net4 over dodgy transfer claims

Kevin Murphy, December 15, 2020, Domain Registrars

Struggling Indian registrar Net 4 India has been slammed with a massive breach notice by ICANN, following claims of domain transfers failing or happening without the consent of the registrant.

ICANN also accuses the company, which is or was India’s largest independent registrar, of trying to bullshit its compliance staff about whether expired domains had been renewed or not.

According to ICANN, Net4 is in breach of the Registrar Accreditation Agreement on four counts, three of which relate to domain ownership records.

ICANN says the company isn’t operating a Whois service on the web or port 43, has failed to escrow its registration data on two recent occasions, and has failed to hand over registrant information upon ICANN’s request.

It’s also past due with its fees, ICANN says.

ICANN’s been dealing with complaints about Net4 for months, after the company’s customer service system appeared to break down in the wake of the coronavirus pandemic. Hundreds of customers have said their domains were unrenewable and that they were unable to transfer to another registrar.

In the latest breach notice — the first published breach notice against any registrar since February — ICANN names almost 200 domain names that have allegedly been held hostage at Net4, despite the registrant’s efforts to transfer out.

ICANN wants proof that registrants were given transfer authorization codes and that their domains were unlocked.

In a smaller number of cases, ICANN wants proof that domains were transferred to Net4 partner Openprovider, for which it acts as a reseller, with the consent of the registrants.

It also claims that Net4 has more than once tried to prove that a registrant renewed their expired name by supplying the registry’s expiration date instead of its own, to blag its way out of accusations that registrants were unable to renew.

ICANN also accuses the registrar of dragging its feet to address complaints:

Over the past few months, the number of complaints ICANN Contractual Compliance has received from [registered name holders], and authorized representatives, asserting that Net 4 India is exhibiting a pattern of non-response to domain transfer and renewal requests has steadily increased. While addressing the relevant compliance cases, Net 4 India’s responses to ICANN Contractual Compliance have also regularly been untimely and incomplete.

Net4 is now in the unprecedented position of being subject to two different breach notices simultaneously.

ICANN actually issued a suspension notice in June 2019, after noticing that Net4 had been in insolvency proceedings for two years — a debt recovery agency is trying to recover $28 million in unpaid debts.

But that suspension deadline was paused after talks with the “resolution professional” handling the insolvency case, for reasons ICANN’s been rather quiet about, and it remains on pause to this date.

The newest breach notice has a December 31 deadline on it. Unless Net4 turns on its Whois and hands over the reams of requested data by then, ICANN could terminate its contract.

Assuming the insolvency court allows it to, presumably.

Comment Tagged: , , , , , , ,

Fraud checks coming to .ch as SWITCH renews contract

Kevin Murphy, December 15, 2020, Domain Registries

Swiss ccTLD registry SWITCH has agreed to implement new security measures as part of its contract renewal with the government.

The company said Friday that it has extended its contract to run .ch names with the telecoms regulator OFCOM for five more years, bring it up to December 2026.

But as part of the renewal, SWITCH has agreed to “speed up the adoption and implementation of technical security standards”.

This will involved financial incentives for registrars to adopt DNSSEC, the registry said.

It will also introduce measures to combat fraud at the point of registration, with SWITCH saying “in the event of suspected fraudulent intent, newly registered domain names can be used only after an identity check.”

The policy appears similar to those at other ccTLDs, including .uk, where new regs are flagged under certain circumstances (such as containing coronavirus-related terms) and cannot resolve until further checks are carried out.

Comment Tagged: , , ,

South African registry to be merged with film censor, broadband regulator

Kevin Murphy, December 15, 2020, Domain Registries

South African ccTLD operator ZADNA is to be merged with two other government agencies, including the film censor, under a program announced by the nation’s government this week.

The non-profit state-owned company will merged with Independent Communications Authority of South Africa (ICASA), which regulates telecoms and broadband, and the Film and Publications Board, which censors and classifies movies, under plans announced today.

It comes as part of a broader government initiative to rationalize South Africa’s state-owned enterprises.

While it’s far from uncommon for a ccTLD to be managed by a state telecoms regulator, I’m not aware of any instances where a registry shares a roof with a movies regulator.

ZADNA is currently the official ccTLD manager for .za, though in practice it’s operated under contract by non-profit ZA Central Registry.

Comment Tagged: , ,