Latest news of the domain name industry

Recent Posts

Airline hit with $230 million GDPR fine

Kevin Murphy, July 8, 2019, Domain Policy

British Airways is to be fined £183.39 million ($230 million) over a customer data breach last year, by far the biggest penalty to be handed out under the General Data Protection Regulation to date.

This story is not directly related to the domain name industry, but it does demonstrate that European data protection authorities are not messing about when it comes to GDPR enforcement.

About 500,000 BA customers had their personal data — including full payment card details — stolen by attackers between June and September last year, the UK Information Commissioner’s Office said today..

It is believed that they obtained the data not by hacking BA’s database, but rather by inserting a script hosted by third-party domain that executed whenever a customer transacted with the site, allowing credentials to be captured in real time.

The ICO said its decision to fine $183.39 million — which amounts to more than 1.5% of BA’s annual revenue — is preliminary and can be appealed by BA.

Under GDPR, which came into effect in May 2018, companies can be fined up to 4% of revenue.

The biggest pre-GDPR fine is reportedly the £500,000 penalty that Facebook was given due to the Cambridge Analytica scandal.

GDPR is of course of concern to the domain industry due to the ongoing attempts to make sure Whois databases are compliant with the laws.

1 Comment Tagged: , , , , , ,

After five-year wait, .madrid domains coming this month

Madrid will become the newest city to get its own gTLD later this month.

The Spanish capital will start accepting sunrise and landrush applications in concurrent priority periods that run from July 16 to October 3.

October 2 marks the five-year anniversary of .madrid being delegated. It’s taken the city a long time to figure out its launch plan.

General availability is due to begin October 10.

The sunrise period includes an option for European trademark owners that are not registered in the Trademark Clearinghouse to obtain names, but with deference to matching TMCH mark holders.

A couple hundred names of local public services have already been tentatively allocated under a pre-sunrise priority period.

.madrid does have local “nexus” eligibility requirements, but it does not appear that you actually need to be located in Madrid, or even in Spain, to obtain a domain.

By my reckoning, the launches of .madrid and .zuerich (which is currently in sunrise and slated to hit GA next April) means MMX’s .budapest is the only 2012-round city-gTLD that has yet to outline its launch plans.

1 Comment Tagged: , ,

Foreigners mostly speak foreign, ccTLD study finds

English may be the lingua franca of the internet, but most foreigners still stubbornly stick to their own tongues, a study has found.

The research, carried out by Oxford Information Labs for CENTR, covered 10 ccTLDs and geo-gTLDs and found that “on average, 76% of web content associated with each TLD reflects the languages spoken in the relevant country or territory.”

English was used in 19% of cases, with other languages coming in at 4%.

The Latin-script ccTLDs in question were .ch (Switzerland), .nl (Netherlands), .pt (Portugal), .ru (Russia), .se (Sweden) and .sk (Slovakia).

Also surveyed was the Cyrillic-script Russian ccTLD .рф and .nu, which is designated to English-speaking Niue but marketed primarily in Swedish-speaking Sweden (it also helpfully makes its zone files available for this kind of research).

The research also covered .cat, a gTLD specifically targeted at the Catalonia region of Spain.

In total, 16.4 million domains, culled from zone files, were looked at. The results were supplemented by research carried out in .nl by local registry SIDN.

Oxford Information Labs said that it was hired “to test the hypothesis that ccTLDs support local languages”

In each TLD, the minimum amount of content in the TLD-appropriate language (after parked pages and spam had been weeded out) was 64% of domains. That appears to be the score for .sk, the Slovakian TLD run by a British registry.

The highest concentration of local language occurred, as you might expect, in the IDN .рф.

Surprisingly, .cat, which I believe is the only TLD in the survey to contractually require “substantial” local-language content in its registrants’ web sites, appears to be about 30% non-Catalan.

The average across all the surveyed TLD was 76% local-language content. The researchers concluded:

This study’s findings indicate that country and regional TLDs boost the presence of local languages online and show lower levels of English language than is found in the domain name sector worldwide.

It is estimated that 54% of all web content is in English.

3 Comments Tagged: , , ,

.icu joins the million-domains club in one year, but spam triples

Another new gTLD has joined the exclusive list of those to enter seven figures in terms of domains under management.

.icu, managed by ShortDot, topped one million names this week, according to COO Kevin Kopas.

It’s taken about a month for DUM to increase from 900,000 names, and if zone files are any guide half of that growth seems to have happened in the last week.

.icu domains currently sell for between $1 and $2 for the first year at the cheap end of the market, where most regs are concentrated, with renewals closer to the $10 mark.

The gTLD joins the likes of .club, .xyz, .site and .online to cross the seven-figure threshold.

When we reported on the 900,000-reg mark at the end of May, we noted that .icu had a SpamHaus “badness” rating of 6.4%, meaning that 6.4% of all the emails coming from .icu addresses that SpamHaus saw were classified as spam.

That score was roughly the same as .com, so therefore pretty respectable.

But in the meantime, .icu’s badness score has almost tripled, to 17.4%, while .com’s has stayed about the same.

Picking through the Google search results and Alexa list for .icu domains, it appears that high-quality legit web sites are few and far between.

Whether that’s a fixable symptom of .icu’s rapid growth — it’s only about 13 months post-launch — or a predictor of poor long-term potential remains to be seen.

1 Comment Tagged: , , ,

Cloudflare “bug” reveals hundreds of secret domain prices

The secret wholesale prices for hundreds of TLDs have been leaked, due to an alleged “bug” at a registrar.

The registry fees for some 259 TLDs, including those managed by Donuts, Verisign and Afilias, are currently publicly available online, after a programmer used what they called a “bug” in Cloudflare’s API to scrape together price lists without actually buying anything.

Cloudflare famously busted into the domain registrar market last September by announcing that it would sell domains at cost, thumbing its nose at other registrars by suggesting that all they’re doing is “pinging an API”.

But because most TLD registries have confidentiality clauses in their Registry-Registrar Agreements, accredited registrars are not actually allowed to reveal the wholesale prices.

That’s kind of a problem if you’re a registrar that has announced that you will never charge a markup, ever.

Cloudflare has tried to get around this by not listing its prices publicly.

Currently, it does not sell new registrations, instead only accepting inbound transfers from other registrars. Registry transaction reports reveal that it has had tens of thousands of names transferred in, but has not created a significant number of new domains.

(As an aside, it’s difficult to see how it could ever sell a new reg without first revealing its price and therefore breaking its NDAs.).

It appears that the only way to manually ascertain the wholesale prices of all of the TLDs it supports would be to buy one of each at a different registrar, then transfer them to Cloudflare, thereby revealing the “at cost” price.

This would cost over $9,500, at Cloudflare’s prices, and it’s difficult to see what the ROI would be.

However, one enterprising individual discovered via the Cloudflare API that the registrar was not actually checking whether they owned a domain before revealing its price.

They were therefore able to compile a list of Cloudflare’s prices and therefore the wholesale prices registries charge.

The list, and the script used to compile it, are both currently available on code repository Github.

The bulk of the list comprises Donuts’ vast portfolio, but most TLDs belonging to Afilias (including the ccTLD .io), XYZ.com and Radix are also on there.

It’s not possible for me to verify that all of the prices are correct, but the ones that are comparable to already public information (such as .com and .net) match, and the rest are all in the ballpark of what I’ve always assumed or have been privately told they were.

The data was last refreshed in April, so without updates its shelf life is likely limited. Donuts, for example, is introducing price increases across most of its portfolio this year.

1 Comment Tagged: , , , , , , , ,