Latest news of the domain name industry

Recent Posts

The .web gTLD could go live in 2016

Kevin Murphy, April 27, 2016, Domain Registries

The new gTLD .web could be coming to the internet sooner than expected after two of the remaining barriers to delegation disappeared.

Following the withdrawal last week of an application for the plural .webs, an auction for .web could happen in the next couple of months, enabling a go-live date possibly in 2016.

.web, often considered the most desirable truly generic gTLD, has had a rough time of it in the 2012 ICANN new gTLD program.

There were seven applications for the string. Google, Web.com, Donuts, Radix, Afilias, Schlund Technologies, Nu Dot Co all applied.

The registrar Web.com (owner of Network Solutions, Register.com, et al) appears to be especially keen to get the domain, given that the string more or less matches its brand.

It perhaps should have been a straightforward auction shoot-out.

But, complicating matters, bespoke printing firm Vistaprint had filed two applications — one vanilla, one “community” based — for the plural version of the string, “.webs”.

Vistaprint runs a website development service called Webs.com. It’s the plural of the Web.com brand.

Web.com wasn’t happy about Vistaprint’s .webs applications, so it filed String Confusion Objections against both, arguing that .web and .webs were too confusingly similar to co-exist on the internet.

While there are now many examples of plurals and singulars living together (see .auto/s, .fan/s and .gift/s), the registrar won both of its SCO complaints, meaning Vistaprint’s two applications and the seven .web applicants were lumped together into the same contention set.

If two strings are in the same contention set, only one can survive to be ultimately delegated to the DNS.

Vistaprint appealed the SCO decisions, first with a Request for Reconsideration to the ICANN board (predictably unsuccessful) and then with an Independent Review Process complaint.

While the IRP was being mulled over, .web was in limbo.

The IRP was unsuccessful. The IRP panel ruled in October that ICANN had not violated its bylaws in accepting the SCO panel’s decision.

But it gave ICANN a nudge, suggesting that perhaps it could give Vistaprint leave to appeal the original SCO determinations via another mechanism.

In early March, the ICANN board proper decided that:

the Vistaprint SCO Expert Determination is not sufficiently “inconsistent” or “unreasonable” such that the underlying objection proceedings resulting in the Expert Determination warrants re-evaluation.

The board said that the .web/.webs contention set should be processed as normal; in other words: go to auction.

That removed the first barrier to the .web/.webs auction going ahead.

The second barrier was the fact that Visaprint had file two applications for .webs — one regular, one “community”.

By self-identifying as a “community”, Vistaprint qualified for the Community Priority Evaluation. A winning CPE means all competing applications — including the .web applications in this case — would be eliminated.

While the CPE process is far from perfect, I think the chances of Vistaprint winning would be pretty slim.

Perhaps Vistaprint agreed with me. Whatever the thought process, the company has withdrawn its “community” application. The withdrawal was reflected on the ICANN web site at the weekend, according to the little birds at DI PRO.

What this means is that the seven .web applications and Vistaprint’s remaining, non-community .webs application will be going to auction together.

It could be a private auction, where the proceeds are divvied up between the losers, or an ICANN “last resort” auction, where ICANN gets all the money.

Either way, the winning bidder is likely to pay a LOT of cash for their chosen string.

GMO Registry paid $41 million for .shop back in January. I’d be flabbergasted if .web wasn’t eight figures too.

If Vistaprint offers to pay more money for .webs than Web.com wants to pay for .web, Web.com will be eliminated from the race and Vistaprint will get .webs.

In that scenario, the remaining six .web applicants fight it out for control of the gTLD.

However, if Vistaprint loses against Web.com then all of the seven .web applicants fight it out at auction.

Depending on the identity of the winner and the timing of auctions and pre-delegation testing, it could slip into the root and possibly even become available before the end of the year.

That’s assuming no more surprises, of course.

UPDATE: This post originally incorrectly described the rules of the .web/.webs auction. It was updated with a correct explanation at 2120 UTC.

.hotel fight gets nasty with “criminal” hacking claims

Kevin Murphy, April 19, 2016, Domain Registries

A group of would-be .hotel gTLD registries have called on ICANN to reject the winning applicant’s bid or be complicit in “criminal acts”.

The group, which includes Travel Reservations, Famous Four Media, Radix, Minds + Machines, Donuts and Fegistry is threatening to file a second Independent Review Process complaint unless ICANN complies with its demands.

Six applicants, represented by Flip Petillion of Crowell & Moring, claim that Hotel Top Level Domain Sarl should forfeit its application because one of its representatives gained unauthorized access to their trade secrets.

That’s a reference to a story we covered extensively last year, where an ICANN audit found that DotBerlin CEO Dirk Krischenowski, or at least somebody using his credentials, had accessed hundreds of supposedly confidential gTLD application documents on ICANN’s web site.

Krischenowski, who has denied any wrongdoing, is also involved with HTLD, though in what capacity appears to be a matter of dispute between ICANN and the rival .hotel applicants.

In a month-old letter (pdf) to ICANN, only published at the weekend, Petillion doesn’t pull many punches.

The letter alleges:

Allowing HTLD’s application to proceed would go agaist everthing that ICANN stands for. It would amount to an acquiescence in criminal acts that were committed with the obvious intent to obtain an unfair advantage over direct competitors.

ICANN caught a representative of HTLD stealing trade secrets of competing applicants via the use of computers and the internet. The situation is even more critical as the crime was committed with the obvious intent of obtaining sensitive business information concerning a competing applicant.

It points out that ICANN’s Applicant Guidebook disqualifies people from applying for a new gTLD if they’ve been convicted of a computer crime.

To the best of my knowledge Krischenowski has not been convicted of, or even charged with, any computer crime.

What ICANN says he did was use its new gTLD applicants’ customer service portal to search for documents which, due to a dumb misconfiguration by ICANN, were visible to users other than their owners.

Krischenowski told DI in an emailed statement today:

According to ICANN, the failure in ICANN’s CSC and GDD portals was the result of a misconfiguration by ICANN of the software used (as mentioned at https://www.icann.org/news/announcement-2-2015-11-19-en). As a user, I relied on the proper functioning of ICANN’s technical infrastructure while working with ICANN’s CSC portal.

HTLD’s application for .hotel is currently “On Hold”, though it is technically the winner of the seven-application contention set.

It prevailed after winning a controversial Community Priority Evaluation in 2014, which was then challenged in an Independent Review Process case by the applicants Petillion represents.

They lost the IRP, but the IRP panelists said that ICANN’s failure to be transparent about its investigation into Krischenowski could amount to a breach of its bylaws.

In its February ruling, the IRP panel wrote:

It is not clear if ICANN has properly investigated the allegation of association between HTLD and D. Krischenowski and, if it has, what conclusions it has reached. Openness and transparency, in the light of such serious allegations, require that it should, and that it should make public the fact of the investigation and the result thereof.

The ruling seems to envisage the possibility of a follow-up IRP.

ICANN had told the panel that its investigation was not complete, so its failure to act to date could not be considered inaction.

The ICANN board resolved in March, two days after Petillion’s letter was sent, to “complete the investigation” and “provide a report to the Board for consideration”.

While the complaining applicants want information about this investigation, their clear preference appears to be that the HTLD application be thrown out.

.shop gTLD sells for record $41.5 million

Kevin Murphy, January 28, 2016, Domain Registries

The nine-way fight for the .shop gTLD has raised $41.5 million at auction.

It’s the most-expensive reported new gTLD sale to date.

The victor was GMO Registry of Japan, which runs a few Asian geographic gTLDs and acts as service provider for over a dozen dot-brands.

GMO wanted .shop so badly it actually applied twice for the gTLD in the 2012 application round.

Only two bidders, GMO and an unidentified rival, were prepared to pay over $15 million, according to ICANN.

The previous record-holder for an ICANN gTLD auction was .app, which Google bought for a smidgen over $25 million last February.

Dozens of contention sets have “self resolved” via private auction, but the winning bids of those are typically not disclosed.

According to GMO’s .shop application, .shop will be an open, unrestricted namespace. The company seems to be planning to sell value-added e-commerce services in addition to domain names.

But domainers will not be welcome in the gTLD. GMO’s application reads:

Registration of a .SHOP domain name solely for the purpose of selling, exchanging, trading, leasing the domain name shall be deemed as inappropriate use or intent.

The company plans to do random spot checks to make sure no registrants are breaking this rule.

GMO is using CentralNic as its back-end registry services software provider, following a 2013 deal.

Radix, Famous Four, Donuts, Google, Amazon, 2000-round applicant Commercial Connect and a company called Beijing Jingdong 360 had all applied for .shop.

But according to ICANN only seven of the original applicants qualified for the auction.

One of the drop-outs was GMO itself. The company has actually applied for .shop twice — once as a regular applicant and once as a “community”.

The non-community application was the one that participated in the auction.

Unsuccessful community applicant Commercial Connect, which has been fighting for .shop since first applying for it in 2000, also did not participate.

On Tuesday, it filed a futile Request for Reconsideration (pdf) with ICANN, complaining about the fact that it lost its Community Priority Evaluation.

.shop was originally linked to .shopping, due to a badly decided String Similarity Objection, but that contention set was resolved separately by Donuts and Uniregistry last week.

Web.com just gave itself another reason to bid high for .web gTLD

Kevin Murphy, November 9, 2015, Domain Registrars

Registrar group Web.com is changing its stock market ticker symbol to WEB tomorrow, in another sign that it really, really wants to be identified with the string.

The switch from WWWW may indicate that the NASDAQ-listed company’s six rivals for the new gTLD .web have a fight — and a possible big payday — on their hands when .web finally goes to auction.

Web.com is competing with Nu Dot Co, Radix, Google, Donuts, Afilias and Schlund for the gTLD.

The company has already fiercely defended its “right” to .web, filing successful String Confusion Objections against .webs applicant Vistaprint.

Vistaprint subsequently filed an ICANN Independent Review Process complaint to appeal its SCO loss.

Last month, the IRP was won by ICANN, but the panel left the door open for ICANN to reconsider its decision.

The .web auction is not likely to go ahead until the Vistaprint issue is resolved.

If ICANN decides the two strings can be delegated separately, what I think is the last barrier to the .web auction going ahead disappears.

If not, then Vistaprint finds itself as the seventh contender in the auction, which may give it the impetus to carry on challenging the ruling.

ICANN’s board plans to discuss the issue at its next meeting, December 10.

Which way it leans will give an indication of how long it will be before .web goes to auction.

Now Uniregistry shifts to Early Access launch model

Kevin Murphy, October 28, 2015, Domain Registries

Uniregistry has become the latest registry to adopt the Early Access Period model for some new gTLD launches.

.cars, .car and .auto will all use the EAP, in place of the more typical landrush period, when they launch in January.

Technically, while Uniregistry is running the back-end, the three gTLDS are all being offered by Cars Registry, a partnership between Uniregistry and .xyz registry XYZ.com.

Uniregistry CEO Frank Schilling said it was felt that EAP was needed due to the “stupendous cost” of acquiring the strings.

EAP is a period lasting usually about a week in which the price of registering any domain descends daily from a very high fee on day one — usually above $10,000 at the storefront — to maybe a hundred bucks when the period closes.

The model was pioneered by portfolio registries Donuts and Rightside, but has since been adopted by the likes of Minds + Machines, Radix and XYZ.com.

It’s rapidly becoming the de facto industry standard for new gTLD launches, replacing the auction-based approach to landrush most registries have used in the past.

The driving factor for the industry switch is surely revenue.

Donuts told us late last month that it had sold 48,381 EAP domains across all of its launches to date, where registry prices are believed to start at around the $10,000 mark.

M+M said yesterday that it sold $1.18 million after it chose to use EAP with its recently launched .law gTLD, where registration restrictions suggest many of the sales will have been to legit end users.

Registrars also get a bigger slice of the pie. In an auction model they might wind up with just the regular registration fee, but with EAP they can mark up day one domains by thousands of dollars.

Cars Registry says its EAP is targeted at “OEMs, dealerships, vendors”, but it will almost certainly get a healthy chunk of domainer interest too.

Radix targets a million .online names in 2-3 years

Kevin Murphy, August 27, 2015, Domain Registries

Having just finished the most-successful new gTLD launch day to date, Radix Registry reckons it can get .online to seven figures in two to three years.

“We’re at 37,170 names as of an hour ago,” Radix CEO Bhavin Turakhia told DI at about 1000 UTC this morning.

That represents less than a full day of general availability. The company said last night that 28,000 names were registered in the first 30 minutes.

UPDATE: At the 24-hour mark, Radix tweeted this:

That beats .club’s 25,000-ish, which was Radix’s publicly stated goal, but it also tops .berlin’s 31,000 first-day names.

The CEOs of both these rival registries had publicly predicted their positions would be toppled and actively encouraged Radix to claim the crown.

Turakhia said that the majority of names registered came from pre-orders, largely at 1&1.

“Fourteen thousand names came from 1&1, 6,000 from Go Daddy, 2,700 from United Domains, 1,900 from Name.com and 1,400 from Tucows,” he said, partially breaking down the 37,170 figure by registrar.

He said the goal is to have a .online zone measured in the millions of names.

“I estimate that we should be able to get to a million names in a period of two to three years,” he said. “That’s on a conservative basis.”

Depending on how you count domains, .xyz may have already been the first to hit one million. Its zone never got as high as a million names, but it may have briefly crossed a million in terms of domains under management earlier this year.

At auction, .online sold for what is believed to be an eight-figure sum, originally to a joint venture of Radix, Tucows and Namecheap.

Radix bought out its partners earlier this year.

That was an increase in risk exposure Radix business head Sandeep Ramchandani said made him nervous. He said launch day’s numbers show .online’s potential.

Turahkhia said that there are 680,000 names in the .com zone that end in “online” today, and a million that have “online” somewhere in the second level, showing that the string is desirable to registrants.

Radix said last night that its Early Access Period — during which names are sold for a higher price — ended with 1,130 sales.

Turahkhia said that of these, about 1,000 were registered in the last three days, during which time the price was $100. Regular .online pricing is around the same as .com ($14.99 at 1&1 and Go Daddy), but some registrars are selling for as much at $50.

Radix targets 25,000 names for .online’s first day

Kevin Murphy, August 18, 2015, Domain Registries

Radix Registry reckons .online will move at least 15,000 domains in its first day of general availability, but it’s aiming higher.

“We are confident .online will be amongst the biggest new gTLDs that have launched,” Radix business head Sandeep Ramchandani said in a press release today.

“The same sentiment across several Registrar Partners has reinforced our beliefs. We expect to start off with at least 15,000 registrations at launch and would love to break .club’s launch record,” he said.

When .CLUB Domains launched .club in 2014, its zone file showed over 25,000 domains after the first 10 hours.

Radix is basing its projections not only on its registrar conversations, but also on .online’s sunrise period, which ended yesterday with 775 sales.

That number is of course low by pre-2012 standards, but it’s in the top tier of sunrise periods for non-controversial new gTLDs.

The only strings to top 1,000 names to date have been ICM Registry’s .porn and .adult and Vox Populi’s .sucks.

.CLUB’s sunrise weighed in at 454 domains.

Radix had better hope .online is successful — the gTLD sold for seven or eight figures at private auction.

The gTLD will go to its Early Access Period tomorrow before settling down to regular pricing August 26.

New gTLDs not an illegal conspiracy, court rules

Kevin Murphy, August 5, 2015, Domain Policy

ICANN has beaten off a lawsuit from alternate root provider name.space for a second time, with a US appeals court ruling that the new gTLD program was not an illegal conspiracy.

name.space sued ICANN in 2012, claiming that the program broke competition laws and that “conflicted” ICANN directors conspired with the industry in an “attack” on its business model.

The company runs an alternate DNS root containing hundreds of TLDs that hardly anyone knows about, cares about, or has access to.

Almost 200 of the strings in its system had matching applications in the 2012 new gTLD round; many have since been delegated.

The company’s complaint asked for an injunction against all 189 matching TLDs.

But a court ruled against it in 2013, saying that name.space had failed to make a case for breaches of antitrust law.

Last week, an appeals court upheld that ruling, saying that the company had basically failed to cross the legal threshold from simply making wild allegations to showing evidence of an illegal conspiracy.

“We cannot… infer an anticompetitive agreement when factual allegations ‘just as easily suggest rational, legal business behavior.’,” the court ruled, citing precedent.

“Here, ICANN’s decision-making was fully consistent with its agreement with the DOC [US Department of Commerce] to operate the DNS and the Root,” it wrote. “In transferring control to ICANN, the DOC specifically required it to coordinate the introduction of new TLDs onto the Root. This is exactly what ICANN did in the 2012 Application Round”.

“The 2012 rules and procedures were facially neutral, and there are no allegations that the selection process was rigged,” the panel ruled.

The court further ruled that ICANN is not a competitor in the markets for domain names as registry, registrar or defensive registration services, therefore it could not be subject to antitrust claims for those markets.

A few other claims against ICANN were also dismissed.

In short, it’s a pretty decisive victory for ICANN. General counsel John Jeffrey said in a statement that ICANN is “pleased” to have won.

All the major documents in the case, including the latest opinion, can be downloaded here.

While the lawsuit has been making its way through the courts, the .space gTLD has actually been delegated and the domain name.space is owned by its new registry, Radix.

There’s some salt in the wounds.

New gTLD phishing still tiny, but .xyz sees most of it

New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.

That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.

Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.

The number of domains used to phish was 95,321, up 8.4% from the first half of the year.

However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.

In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.

According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.

Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.

New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.

That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.

Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:

Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.

XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.

In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.

But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:

XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.

APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.

It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:

Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.

The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.

APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.

The APWG report can be downloaded here.

UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.

According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.

Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.

Dirty tricks claimed in .music fight

Kevin Murphy, April 22, 2015, Domain Registries

A .music hopeful has tried to add over 300 pages of documents to its new gTLD application, apparently in an effort to leapfrog competitors, and its rival community applicant is far from happy.

DotMusic Limited submitted the change request (pdf) in order to add some Public Interest Commitments to its .music bid.

Rival .Music LLC now claims that it is “outrageous and unfair for ICANN to allow this applicant to abuse the PIC process in this way” and has filed a Request for Reconsideration.

Of the eight .music bidders, these two companies are the only formal “community” applicants.

Under the rules of the new gTLD program, community applicants can avoid having to fight an auction if they win a strict Community Priority Evaluation.

To avoid confusion: DotMusic Limited is the applicant led by Constantine Roussos; .Music LLC (aka Far Further) is led by John Styll.

Far Further fought a CPE last year but lost in spectacular fashion, scoring just 3 out of the 16 available points, a long way shy of the 14 points required for a pass.

The Roussos applicant has now submitted eight new proposed Public Interest Commitments — things it promises to do to protect registrants and rights holders — as an addendum to its application.

That’s pretty standard stuff.

What’s unusual are the 308 pages of additional “clarifications” that seek to explain how the proposed PICs relate to its original application.

They’re not changes to the application, technically speaking, but they are a way to get hundreds of extra pages of content into the public record ahead of DotMusic’s own CPE.

According to Styll, this latest gambit is nothing more than an attempt to score more CPE points. He told ICANN:

the 308 additional pages of “clarifications” contain wording that clearly utilizes learnings from previous CPE results (including our own), in violation of ICANN policy

Complicating matters, it turns out that Far Further tried to make some substantive changes to its application back in May 2014, but had the request declined by ICANN “in order to be fair to other applicants”.

That was prior to ICANN’s publication of guidelines governing change request, Styll says.

Because of this alleged discrepancy between how the two competing change requests were handled, Far Further wants a second crack at the CPE for its own application.

Its RfR (pdf) asks ICANN to reverse its May 2014 decision, allow its change request, throw out the original results of its CPE and refer the CPE to a new Economist Intelligence Unit panel for a full reevaluation.

Failing that, it wants ICANN to throw out the 308 pages of “clarifications” submitted by DotMusic.

Both applicants have the written support of dozens of music industry groups.

There’s some crossover, but Far Further’s backers appear to me to be a little more “establishment” than DotMusic’s, including the likes of the Recording Industry Association of America.

The other, non-community applicants are Amazon, Google, Donuts, Radix, Famous Four Media and Entertainment Names.

With Google and Amazon in the mix, if it goes to auction, .music could easily be an eight-figure auction along the lines of .app, which sold to Google for $25 million.

In my view, winning a CPE is the only way DotMusic has a chance of getting its hands on .music, short of combining with another applicant.