New gTLDs growing faster than .com, latest Verisign data shows

Kevin Murphy, September 18, 2015, Domain Registries

New gTLDs grew faster than .com in the last 12 months.

That seems to be one of the conclusions that can be drawn from Verisign’s Q2 Domain Name Industry Brief, which was published (pdf) yesterday, if you dig into the numbers a little.

The headline number is that the number of all domains across all TLDs was 296 million, up sequentially by 2.2 million domains. That’s annual growth of 16.4 million domains, Verisign said.

I thought it might be interesting to see where that growth came from, so I plugged the numbers from Verisign’s last five DNIB reports into a spreadsheet, reproduced in this table.


From these numbers, we can calculate the quarterly sequential growth, measured in domains, for the whole DNS, for .com, for new gTLDs and for ccTLDs.

That table looks like this:


It appears from this table that .com grew by more domains than new gTLDs over the last year — 4.8 million versus 4.36 million — but the numbers are a bit misleading due to the way Verisign sources its data.

For most ccTLDs, Verisign has always used the third-party research outfit ZookNic, which has its own way of estimating registration volumes.

For new gTLDs, Verisign uses the zone files as published daily by ICANN — the same source DI and others use to measure volume.

However, for .com Verisign uses its own in-house data source. It is, after all, the .com registry.

The numbers for .com you find in the DNIB reports are exactly the same as the numbers Verisign gives financial analysts and investors when it reports its quarterly earnings.

And the company changed the way it reports those numbers in Q1 this year.

See that unusually high addition of 2.2 million names in .com in Q1 in the above table? That reflects the addition of very nearly 750,000 hidden .com names in March this year.

At that time, Verisign started counting domains that are on “hold” statuses, largely due to new ICANN policies on unverified Whois information.

The last two DNIB reports have sourced .com numbers with this disclosure:

The domain name base is the active zone plus the number of domain names that are registered but not configured for use in the respective Top-Level Domain zone file plus the number of domain names that are in a client or server hold status.

The actual Q1 growth number for .com should be in the 1.4 million to 1.5 million range, which would bring .com’s total growth over the last four quarters down to roughly 4.1 million names.

An apples-to-apples comparison of extant zone-file domain growth would show new gTLDs beating .com, in other words.

But is this a fair measure of demand?

No. It’s fairer to say that .com still outsells its competition by a long way.

New gTLDs had yet to experience any significant churn by Q2 this year, as most had been on the market for under a year, so the growth numbers are more or less untempered by the renewal cycle.

While Verisign’s .com growth is net, for new gTLDs it’s almost all gross.

Verisign says in the latest DNIB that it had 8.7 million new registrations across .com and .net in the second quarter, which would be roughly eight times as many as new gTLDs — all several hundred of them combined — managed to move.

.cam given the nod as Rightside wins confusion appeal

Kevin Murphy, September 4, 2015, Domain Registries

Rightside’s application for .cam will be un-rejected after the company beat Verisign in an appeal against a 2013 String Confusion Objection decision.

That’s right, .cam is officially no longer too confusingly similar to .com.

In a just-published August 26 decision (pdf) a three-person International Centre for Dispute Resolution panel overruled the original SCO panelist’s decision.

The new panel wrote:

Based on the average, reasonable Internet’s user’s experience, and the importance of search engines, in the [Final Review Panel]’s view, confusion, if any, between .COM and .CAM is highly likely to be fleeting. While a fleeting association may create some “possibility of confusion” or evoke an “association in the sense that the string brings another string to mind,” both such reactions are insufficient under the ICANN SCO standard to support a finding that confusion is probable.

It’s not quite as clear-cut a ruling as the .shop versus .通販 ruling last week, relying on the appeals panel essentially just disagreeing with some of the finer points of the original panel’s interpretation of the evidence.

Relating to one piece of evidence, the appeals panel found that the original panelist “improperly shifted the burden of proof” to Rightside to show that .cam was intended for camera-related uses.

Rightside was one of two applicants given the opportunity to appeal its SCO decision by ICANN last year, largely because two other .cam applicants managed to pass their Verisign objections with flying colors, creating obvious inconsistency.

Taryn Naidu, Rightside’s CEO, said in a statement:

We always felt strongly that the first panel’s decision was seriously flawed. How can .CAM in one application be different from the .CAM in another application when evaluated on the basis of string similarity? The fact is, it can’t.

It’s always struck me as unfair that Verisign did not get the chance to appeal the two SCOs it lost, given that the panelist in both cases was the same guy using the same thought processes.

The question now is: is the appeals panel correct?

I suppose we’ll find out after .cam goes on sale and unscrupulous domainers attempt to sell .cam names for inflated prices, hoping their would-be buyers don’t notice the difference.

The other two .cam applicants are AC Webconnecting and Famous Four Media. All three will now go to auction.

Did pay NetSol $3m to bloat .xyz?

Kevin Murphy, August 25, 2015, Domain Registries

Evidence of a possibly dodgy deal between and Network Solutions has emerged.

Court documents filed last week by Verisign suggest that the .xyz registry may have purchased $3 million in advertising in exchange for $3 million of .xyz domain names.

Verisign, which is suing .xyz and CEO Daniel Negari over its allegedly “false” advertising, submitted to the court a list of hundreds of exhibits (pdf) that it proposes to use at trial.

Among them are these two:

  • Email from Negari to Andrew Gorrin re EPP Feed and billing directly for $3,000,000 in domains
  • Credit Memo to Andrew from Negari “We have elected to pay for our $3MM Q2 advertising insertion order, which was dated May 20th with a credit…….” (5/31/14)

Gorrin is’s senior VP of marketing and Negari is Daniel Negari,’s CEO.

The documents these headings refer to are not public information, and are not likely to be any time soon, but they appear to refer to, on the one hand, XYZ billing NetSol for $3 million in domain names and, on the other, NetSol billing XYZ for $3 million in advertising.

Only one of the two document headings is dated, so we don’t know how closely they coincided.

Other headings, among the 446 documents Verisign wants to use at trial, suggest that they happened at pretty much the same time:

  • Email from Andrew Gorrin to Ashley Henning ( re Bulk Purchase of .xyz domains (5/29/14)
  • Email from Andrew Gorrin to Negari re XYZ.Com Advertising IO and Marketing Agreement attaching signed agreements (5/20/14)
  • Email string Ashley Henning to Christine Nagey, Andrew Gorrin, Edward Angstadt re Bulk Purchase of .XYZ Domains (5/30/14)

The emails Verisign cites were dated May 2014, shortly before .xyz went into general availability June 2.

What we seem to be looking at here — and I’m getting into speculative territory here — are references to two more or less simultaneous transactions, both valued at exactly $3 million, between the two parties.

Both companies have consistently refused to address the nature of their deal, citing NDAs.

As you recall, the vast majority of .xyz’s early registrations were provided by NetSol, which pushed hundreds of thousands of free .xyz domains into its customers’ accounts without their explicit consent.

The number of freebies is believed to be about 350,000, based on comments Negari recently made to The Telegraph, in which he stated that .xyz, which had about 850,000 domains in its zone at the time, would have 500,000 registrations if the freebies were excluded.

With a registry fee roughly equivalent to .com’s (.xyz’s is believed to be a little lower), 350,000 names would work out to roughly $3 million.

Negari has stated previously that every .xyz registration was revenue-generating, even the freebies.

Is it possible that NetSol paid XYZ’s registry fees using money XYZ paid it for advertising? Is it possible no money changed hands at all?

I’m not saying either company has done anything illegal, and it’s completely possible I’m completely misunderstanding the situation, but it does rather put me in mind of the old “round-trip” deals that tech firms used to dishonestly prop up their tumbling revenue at the turn of the century.

Back in 2000, the dot-com bubble was on the verge of popping, taking the US economy with it, and companies facing the decline of their businesses came up with “creative” ways to show investors that they were still growing.

AOL Time Warner, for example, “effectively funded its own online advertising revenue by giving the counterparties the means to pay for advertising that they would not otherwise have purchased”.

Regulators exercised their legal options in these cases only where there appeared to be dishonest accounting, and I’ve seen no evidence to suggest that XYZ or unit NetSol have failed to adhere to anything but the highest accounting standards.

Again, I’m not saying we’re looking at a “round-trip” deal here, and there’s not a great deal of evidence to go on, but it sure smells familiar.

Certainly, questions have been raised that Verisign did not raise in its initial complaint.


On a personal note, I’d like to disclose that among the documents Verisign demanded from XYZ are dozens of pages of previously confidential emails exchanged between myself and Negari.

I’ve read them, and they’re mostly heated arguments about a) his refusal to give details about the NetSol deal and b) my purported lack of journalistic integrity whenever I published a post about .xyz with an even slightly negative angle.

XYZ had no choice but to supply these emails. I can’t blame it for complying with its legal requirements.

I wasn’t the only affected blogger. Mike Berkens, Konstantinos Zournas, Rick Schwartz and Morgan Linton also had their private correspondence compromised by Verisign.

I don’t know how they feel about this violation, but in my view this shows Verisign’s contempt for the media and its disregard for the sanctity of off-the-record conversations between reporters and their sources.

And that’s what I have to say about that.

Two more legacy gTLDs agree to use URS

The registries behind .pro and .cat have agreed to new ICANN contracts with changes that, among other things, would bring the Uniform Rapid Suspension policy to the two gTLDs.

Both gTLD Registry Agreements expire this year. Proposed replacement contracts, based heavily on the base New gTLD Registry Agreement, have been published by ICANN for public comment.

They’re the second and third pre-2012 gTLDs to agree to use URS, which gives trademark owners a simpler, cheaper way to have infringing domains yanked.

Two weeks ago, .travel agreed to the same changes, which drew criticisms from the organization that represents big domain investors.

Phil Corwin of the Internet Commerce Association is worried that ICANN is trying to make URS a de facto consensus policy and thereby bring it to .com, which is still where most domainers have most of their assets.

Following DI’s report about .travel, Corwin wrote last week:

this proposed Registry Agreement (RA) contains a provision through which staff is trying to preempt community discussion and decide a major policy issue through a contract with a private party. And that very big issue is whether Uniform Rapid Suspension (URS) should be a consensus policy applicable to all gTLDs, including incumbents like .Com and .Net.

ICANN needs to hear from the global Internet community, in significant volume, that imposing the URS on an incumbent gTLD is unacceptable because it would mean that ICANN staff, not the community, is determining that URS should be a consensus policy and thereby undermining the entire bottom-up policy process. Domain suspensions are serious business – in fact they were at the heart of the SOPA proposal that inspired millions of emails to the US Congress in opposition.

The concern about .com may be a bit over-stated.

Verisign’s current .com contract is presumptively renewed November 2018 provided that it adopts terms similar to those in place at the five next-largest gTLDs.

Given that .net is the second-largest gTLD, and that .net does not have URS, we’d have to either see .net’s volume plummet or at least five new gTLDs break through the 15 million domains mark in the next three years, both of which seem extraordinarily unlikely, for .com to be forced to adopt URS.

However, if URS has become an industry standard by then, political pressure could be brought to bear regardless.

Other changes to .pro and .cat contracts include a change in ICANN fees.

While .pro appears to have been on the standard new gTLD fee scheme since 2012, .cat is currently paying ICANN $1 per transaction.

Under the new contract, .cat would pay $0.25 per transaction instead, but its annual fixed fee would increase from $10,000 to $25,000.

New gTLD phishing still tiny, but .xyz sees most of it

New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.

That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.

Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.

The number of domains used to phish was 95,321, up 8.4% from the first half of the year.

However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.

In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.

According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.

Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.

New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.

That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.

Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:

Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.

aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.

In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.

But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:

XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.

APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.

It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:

Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.

The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.

APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.

The APWG report can be downloaded here.

UPDATE: CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.

According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.

Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.