Latest news of the domain name industry

Recent Posts

Domain growth slows a lot in Q1

The growth of the domain name industry slowed in the first quarter, numbers published today by Verisign reveal.

According to its latest Domain Name Industry Brief (pdf), the domain universe grew to 330.6 million in Q1.

That’s an increase of 1.3 million names on Q4 2016, a 0.4% sequential increase, and 11.8 million names, 3.7% growth, compared to Q1 2016.

In the Q4 DNIB, Verisign reported industry growth of 0.7% and 6.8% respectively.

The only change on the list of the top 10 TLDs was that .nl and .xyz switched places (.xyz is now in 10th place, with 5.6 million names, but this rank will not last long).

ccTLDs in general did not match the growth of the overall market. There were approximately 143.1 million ccTLD domains at the end of March, up 0.3% sequentially and 1.7% year over year, both substantially smaller numbers than reported in Q4.

The free ccTLD .tk, which has been responsible for huge swings in recent reports, is reported to have declined by about 100,000 names to 18.6 million.

Excluding .tk, the growth rate of ccTLDs was better — 0.5% sequentially and 3.9% compared to the year-ago quarter.

Verisign’s data is largely based on zone files for gTLDs and independent researcher ZookNic for ccTLDs.

Junk drop cuts .xyz in half, .top claims volume crown

The .xyz gTLD has seen its zone file halve in size, as millions of free and cheap domains were not renewed.

The former volume leader among new gTLDs started this month with a tad over 5.2 million domains in its zone.

But its July 17 zone contained 2.5 million, much less than half as many, DI analysis shows.

The precipitous decline means that Chinese-run gTLD .top, increasingly notorious as a go-to TLD for spammers, is now literally at the top of the league table, when you measure new gTLDs by zone file volume, with 2.6 million names.

The primary reason for .xyz losing so many names is of course the expiration of most of the domains that were sold for just $0.01 — or given away for free — in the first few days of June 2016, and the aggressive promotional pricing on offer for the remainder of that month.

On May 30, 2016, there were just under 2.8 million names in the .xyz zone. By July 1, 2016, that number had topped 6.2 million, an increase of 3.4 million over a single month.

That was .xyz’s peak. The zone has been in gradual decline ever since.

Domains generally take 45 days to drop, so it’s entirely possible XYZ.com will see further losses over the next month or so.

There’s nothing unusual about seeing a so-called “junk drop” a year after a TLD launches or runs a free-domains promotion. It’s been well-understood for over a decade and has been anticipated for .xyz for over a year.

But compounding its problems, the .xyz registry appears to still be banned in China, where a substantial portion of its former customer base is located.

The company disclosed over two months ago that it had a “temporary” problem that had seen its license to sell domains via Chinese registrars suspended.

The ban was related to XYZ falling out with its original “real name verification” provider, ZDNS, which was tasked with verifying the identities of Chinese registrants per local government regulations.

I’ve never been able to confirm with either party the cause of this split, but everyone else involved in the Chinese market I’ve asked has told me it related to a dispute over money.

Regardless, two months later the major Chinese registrars I checked today still appear to not be carrying .xyz names.

XYZ has meanwhile signed up with alternative Chinese RNV provider Tele-info, and just three days ago submitted the necessary paperwork (pdf) with ICANN to have the move approved as a registry service under its contract.

In that request, XYZ said the new RNV service “will allow XYZ to reenter certain domain name markets”, suggesting that it has not yet regained Chinese government approval to operate there.

.xyz sets price for numeric domains at $0.65

XYZ.com has announced that it will charge just $0.65 wholesale for over a billion numeric domain names in .xyz.

The revelation came as part of a confusing launch of what the registry calls its “1.111B Class” domains.

That’s because the pricing affects all 1.111 billion numerical domains of six, seven, eight and nine digits in .xyz.

These will now all register and renew for $0.65 or a recommended $0.99 retail.

That’s the same price that regular alphanumeric .xyz domains are selling at at many registrars, but the pricing for the 1.111B names is said to be fixed forever; it’s not a temporary promotion.

The announcement was themed on a take on the 16-year-old “All Your Base” meme and a white paper (pdf) written in the color scheme and typeface of a 1990s Unix terminal.

There’s a whole lot of fluff involved, but the gist of it appears to be that XYZ thinks these domains have value, when registered in bulk, to do stuff like address “Internet of Things” devices. The white paper states:

With the emergence of the Internet of Things (IoT), the 1.111B Class serves as a platform to easily and uniquely identify different devices, ranging from laptops to smart thermostats. In fact, registrants can even secure tens, hundreds, thousands to millions of domains in sequential order to create a block. These blocks can match device serial numbers or vehicle VIN numbers, then be used as portals for consumers to connect with their products, and for their products to receive updates from manufacturers.

There are of course far cheaper ways to go about this, such as using subdomains of an existing branded domain (which would have the added benefit of semantic value).

XYZ also talks in vague terms about these cheap domains being similar to Bitcoin, with reference to how Chinese domainers trade worthless domains as a kind of virtual currency.

I must confess I don’t get this idea at all. In my mind, owning a domain that has no possibility of an end-user buyer is more of a liability that an asset.

Still, it’s interesting to see a registry attempting to market domains for non-traditional purposes, so I’m curious to see how it plays out.

Country names to finally be released in new gTLDs

Kevin Murphy, May 24, 2017, Domain Policy

It looks like hundreds of domain names matching the names of countries are to finally get released from ICANN limbo.

The ICANN board last week passed a resolution calling for the organization to clear a backlog of over 60 registry requests to start selling or using country and territory names in their gTLDs.

Some of the requests date back to 2014. They’ve all been stuck in red tape while ICANN tried to make sure members of the Governmental Advisory Committee was cool with the names being released.

The result of these three years of pondering is scrappy, but will actually allow some names to hit the market this year.

The new resolution calls for ICANN to “take all steps necessary to grant ICANN approvals for the release of country and territory names at the second-level”, but only “to the extent the relevant government has indicated its approval”.

And that’s the catch.

Some governments, such as the US and UK, don’t care who registers matching names. Dozens of others want to vet each registry request on a case-by-case basis.

The wishes of each government are record in a GAC database.

The only territories to so far give a blanket waiver over their names are: Denmark, Finland, Ireland, the Netherlands, Norway, Sweden, the UK, the USA, Guernsey and Pitcairn.

Almost 70 other countries have said they need to be told when a registry wants to sell a domain matching their name. Ten others give carte blanche to closed dot-brands, but require notification in the case of open gTLDs.

The majority of countries in the world have yet to officially express a preference one way or the other.

Of the roughly 60 new gTLD registries to request country name releases over the last few years, the vast majority are dot-brands. The number of open gTLDs with such requests appears to be in the single figures, and the only ones with mass-market appeal appear to be .xyz and .global.

XYZ acquires .storage, its 10th gTLD

XYZ.com said today that it has acquired the half-launched new gTLD .storage from its original owner.

The terms of the deal were not disclosed, but CEO Daniel Negari said in a blog post that it has been funded using some of the “excess of cash flow” from sales of .xyz domains.

The original .storage registry was Extra Space Storage, which rents out physical storage units in the US.

It started its protracted launch period a little over a year ago but had not planned to go to general availability until July this year.

Having apparently passed through its sunrise period and a special landrush for the storage industry, which ended in January, it has fewer than 800 domains in its zone file.

It looks like XYZ will be essentially relaunching the gTLD from scratch, with a new sunrise period penciled in for November and an early access period and GA slated for December.

Pre-launch pricing is around the $80 mark at the few registrars I checked today, and it looks like that will remain under the new management.

That’s despite XYZ talking today about .storage as a “premium” vertically-focused TLD along the lines of its $3,000 .cars or $750 .theatre.

The company said that it will not hold back reserved names at higher, premium pricing. Even nice-looking domains such as cloud.storage will be available at the base fee, it said.

The new acquisition becomes the 10th that XYZ has a hand in running, if you count the three car-related gTLDs it manages in a joint venture with Uniregistry. The others are .security, .rent, .protection, .theatre, and .college.

China approves more Donuts, Afilias gTLDs

Donuts and Afilias have had two batches of new gTLDs approved for use in China.

The Ministry of Industry and Information Technology approved five Afilias TLDs and six Donuts TLDs last month. This means customers of Chinese registrars will now be able to legally use those names in China.

Afilias was approved for .info, .mobi and .pro, which were delegated following the 2000 and 2003 new gTLD application rounds and .kim and .red from the 2012 round.

Donuts simultaneously was cleared for .ltd, .group, .游戏 (“game”), .企业 (“business”), .娱乐 (“entertainment) and .商店 (“store”).

The approvals more than double the number of new gTLDs in Latin script to get the nod from MIIT, in what now appears to be a monthly occurrence.

In February, .ink and four Chinese-script TLDs passed the regulatory process, following .site and .shop in January and .vip, .club and .xyz in December.

MIIT approval means the chance of usage by Chinese registrants should go up, but it also ties these Western registries to relatively Draconian government policies when it comes to Chinese registrations.

CentralNic says revenue more than doubled in 2016

CentralNic’s revenue was up 110% in 2016, according to the company.

The registry today released its unaudited results for last year, showing EBITDA up 65% at £5.5 million ($6.7 million) on revenue of £22.1 million ($26.9 million)

The company, which has expanded into registrar services via acquisition in the last few years, said its recurring revenue — mainly domain registrations — now account for about 80% of revenue.

CentralNic has about a third of the new gTLD back-end market, primarily because it’s the provider for .xyz’s millions of cheapo registrations.

In its statement, it said it hopes to focus on growing more in China, where clients including .xyz were recently licensed.

It also intends to make more acquisitions, where the deals “meet clear strategic criteria including being earnings accretive in the short term with a strong recurring revenues base”.

How .com became a restricted TLD

Verisign has been given approval to start restricting who can and cannot register .com and .net domain names in various countries.

Customers of Chinese registrars are the first to be affected by the change to the registry’s back-end system, which was made last year.

ICANN last week gave Verisign a “free to deploy” notice for a new “Verification Code Extension” system that enables the company to stop domains registered via selected registrars from resolving unless the registrant’s identity has been verified and the name is not on China’s banned list.

It appears to be the system Verisign deployed in order to receive its Chinese government license to operate in China.

Under Verification Code Extension, Verisign uses ICANN records to identify which registrars are based in countries that have governmental restrictions. I believe China is currently the only affected country.

Those registrars are able to register domains normally, but Verisign will prevent the names from resolving (placing them in serverHold status and keeping them out of the zone file) unless the registration is accompanied by a verification code.

These codes are distributed to the affected registrars by at least two verification service providers. Verisign, in response to DI questions, declined to name them.

Under its “free to deploy” agreement with ICANN (pdf), Verisign is unable to offer verification services itself. It must use third parties.

The company added the functionality to its .com and .net registry as an option in February 2016, according to ICANN records. It seems to have been implemented last July.

A Verisign spokesperson said the company “has implemented” the system.

The Verification Code Extension — technically, it’s an extension to the EPP protocol pretty much all registries use — was outlined in a Registry Services Evaluation Process request (pdf) last May, and approved by ICANN not long after.

Verisign was approved to operate in China last August in the first wave of gTLD registries to obtain government licenses.

Under Chinese regulations, domain names registered in TLDs not approved by the government may not resolve. Registrars are obliged to verify the identities of their registrants and names containing certain sensitive terms are not permitted.

Other gTLDs, including .vip, .club, .xyz .site and .shop have been granted approval over the last few months.

Some have chosen to work with registration gateway providers in China to comply with the local rules.

Apart from XYZ.com and Verisign, no registry has sought ICANN approval for their particular implementation of Chinese law.

Because Chinese influence over ICANN is a politically sensitive issue right now, it should be pointed out that the Verification Code Extension is not something that ICANN came up with in response to Chinese demands.

Rather, it’s something Verisign came up with in response to Chinese market realities. ICANN has merely rubber-stamped a service requested by Verisign.

This, in other words, is a case of China flexing market muscle, not political muscle. Verisign, like many other gTLD registries, is over-exposed to the Chinese market.

It should also be pointed out for avoidance of doubt that the Chinese restrictions do not apply to customers of non-Chinese registrars.

However, it appears that Verisign now has a mechanism baked into its .com and .net registries that would make it much easier to implement .com restrictions that other governments might choose to put into their own legislation in future.

Phishing in new gTLDs up 1,000% but .com still the worst

Kevin Murphy, February 20, 2017, Domain Registries

The .com domain is still the runaway leader TLD for phishing, with new gTLDs still being used for a tiny minority of attacks, according to new research.

.com domains accounted for 51% of all phishing in 2016, despite only having 48% of the domains in the “general population”, according to the 2017 Phishing Trends & Intelligence Report
from security outfit PhishLabs.

But new gTLDs accounted for just 2% of attacks, despite separate research showing they have about 8% of the market.

New gTLDs saw a 1,000% increase in attacks on 2015, the report states.

The statistics are based on PhishLabs’ analysis of nearly one million phishing sites discovered over the course of the year and include domains that have been compromised, rather than registered, by attackers.

The company said:

Although the .COM top-level domain (TLD) was associated with more than half of all phishing sites in 2016, new generic TLDs are becoming a more popular option for phishing because they are low cost and can be used to create convincing phishing domains.

There are a few reasons new gTLDs are gaining traction in the phishing ecosystem. For one, some new gTLDs are incredibly cheap to register and may be an inexpensive option for phishers who want to have more control over their infrastructure than they would with a compromised website. Secondly, phishers can use some of the newly developed gTLDs to create websites that appear to be more legitimate to potential victims.

Indeed, the cheapest new gTLDs are among the worst for phishing — .top, .xyz, .online, .club, .website, .link, .space, .site, .win and .support — according to the report.

But the numbers show that new gTLDs are significantly under-represented in phishing attacks.

According to separate research from CENTR, there were 309.4 million domains in existence at the end of 2016, of which about 25 million (8%) were new gTLDs.

Yet PhishLabs reports that new gTLD domains were used for only about 2% of attacks.

CENTR statistics have .com with a 40% share of the global domain market, with PhishLabs saying that .com is used in 51% of attacks.

The difference in the market share statistics between the two sets of research is likely due to the fact that CENTR excludes .tk from its numbers.

Again, because PhishLabs counts hacked sites — in fact it says the “vast majority” were hacked — we should probably exercise caution before attributing blame to registries.

But PhishLabs said in its report:

When we see a TLD that is over-represented among phishing sites compared to the general population, it may be an indication that it is more apt to being used by phishers to maliciously register domains for the purposes of hosting phishing content. Some TLDs that met these criteria in 2016 included .COM, .BR, .CL, .TK, .CF, .ML, and .VE.

By far the worst ccTLD for phishing was Brazil’s .br, with 6% of the total, according to the report.

Also notable were .uk, .ru, .au, .pl, and .in, each with about 2% of the total, PhishLabs said.

Five more new gTLDs, one in English, get the nod from China

Kevin Murphy, February 14, 2017, Domain Registries

Top Level Design’s .ink has become the sixth new gTLD in the Latin alphabet to be approved for sale in China.

It was one of four new gTLDs given regulatory approval to begin operating properly in the country late last week. The others were all in Chinese script.

From Finnish-founded TLD Registry, .中文网 (“Chinese web site”) and .在线 (“Chinese online”) gained approval.

From local outfit Guangzhou Yuwei Information Technology Co, .集团 (“group”) and .我爱你 (“I love you”) were given the nod.

It’s the third batch of new gTLDs to get Chinese government approval since .vip, .club and .xyz in December. In January, .site and .shop joined their ranks.

Under China’s Draconian domain name regulations, only domains registered via local registries and registrars may be used.

Registries from outside the country have had to set up a local corporate presence and agree to China’s censorship policies in order to be compliant.