Latest news of the domain name industry

Recent Posts

Verisign likely to get its billion-dollar .com pricing windfall

Kevin Murphy, October 28, 2019, Domain Registries

Verisign and ICANN appear to be on the verge of signing a new .com registry contract that could prove extremely lucrative for the legacy gTLD company.

Speaking to analysts following the announcement of Verisign’s third-quarter results late last week, CEO Jim Bidzos said talks with ICANN, which have their first anniversary this week, are “nearly complete”.

The new contract will take on the terms of the Cooperative Agreement between Verisign and the US Department of Commerce, which was amended a year ago to scrap an Obama-era price freeze.

Under the future contract, Verisign is expected to be able to raise its .com fee from its current $7.85 by 7% in four of the six years of the deal. As I wrote at the time, this could be worth close to a billion dollars.

This, for a company that already enjoys profit margins so generous that I regularly receive phone calls from perplexed analysts asking me to help explain how they get away with it.

Bidzos said on Thursday night:

let me remind you that under the 2016 amendment to our .com registry agreement with ICANN, which extended the term of the agreement, we and ICANN also agree to negotiate in good faith to do two things; first, we agree to reflect changes to the Cooperative Agreement in the com agreement, including pricing terms. Second, we agree to amend the com agreement to include terms to preserve and enhance the security and stability of the com registry or the internet.

We believe these discussions with ICANN are nearly complete. While it will be inappropriate at this time to provide more details, I can say that we were satisfied with the results so far. As noted, this is an ICANN process and we expect that before long ICANN will be publishing for public comment the documents we have been discussing.

The Cooperative Agreement also allows Verisign to launch a registrar business, just as long as that registrar does not sell .com domains.

Potentially, Verisign could get the right to launch a customer-facing registrar focused on selling .net, .org and newer gTLDs and ccTLDs.

Given we already pretty much know what the new pricing regime is going to be, the big mystery right now is why it’s taken ICANN and Verisign so long to renegotiate the contract.

One analyst asked Bidzos on Thursday whether ICANN has talked its way into getting a bigger slice of the registry fee, currently set at $0.25 per annual domain transaction.

That’s in-line with what almost all the other gTLD registries pay, and I can’t see ICANN demanding more without attracting a tonne of criticism. Verisign is already by some margin its biggest funding source.

Could ICANN have demanded that Verisign adopt the Uniform Rapid Suspension anti-cybersquatting policy, which would be guaranteed to enrage domain investors?

Whatever else is to be added to the contract, it appears to be related to that amorphous term “security and stability”, which could mean basically anything.

When ICANN and Verisign agreed to talk about new terms “to preserve and enhance the security and stability of the Internet or the TLD”, what on Earth where they talking about?

It looks like we won’t have to wait too much longer to find out.

After .org price outrage, ICANN says it has NOT scrapped public comments

Kevin Murphy, October 11, 2019, Domain Policy

ICANN this evening said that it will continue to open up gTLD registry contract amendments for public comment periods, despite posting information yesterday suggesting that it would stop doing so.

The organization recently formalized what it calls “internal guidelines” on when public comment periods are required, and provided a summary in a blog post yesterday.

It was very easy to infer from the wording of the post that ICANN, in the wake of the controversy over the renegotiation of Public Interest Registry’s .org contract, had decided to no longer ask for public comments on future legacy gTLD contract amendments.

I inferred as much, as did another domain news blogger and a few other interested parties I pinged today.

I asked ICANN if that was a correct inference and Cyrus Namazi, head of ICANN’s Global Domains Division, replied:

No, that is not correct. All Registry contract amendments will continue to be posted for public comment same as before.

He went on to say that contract changes that come about as a result of Registry Service Evaluation Process requests or stuff like change of ownership will continue to not be subject to full public comment periods (though RSEP does have its own, less-publicized comment system).

The ICANN blog post lists several scenarios in which ICANN is required to open a public comment period. On the list is this:

ICANN org base agreements with registry operators and registrars.

The word “base” raised at least eight eyebrows of people who read the post, including my two.

The “base” agreements ICANN has with registries and registrars are the 2013 Registrar Accreditation Agreement and the 2012/2017 Registry Agreement.

The RAA applies to all accredited registrars and the base RA applies to all new gTLD registries that applied in the 2012 round.

Registries that applied for, or were already running, gTLDs prior to 2012 all have bespoke contracts that have been gradually brought more — but not necessarily fully — into line with the 2012/17 RA in renewal renegotiations over the last several years.

In all cases, the renegotiated legacy contracts have been subject to public comment, but in no cases have the comments had any meaningful impact on their ultimate approval by ICANN.

The most recent such renewal was Public Interest Registry’s .org contract.

Among the changes were the introduction of the Uniform Rapid Suspension anti-cybersquatting policy, and the removal of price caps that had limited PIR to a 10% increase per year.

The comment period on this contract attracted over 3,200 comments, almost all of which objected to the price regulation changes or the URS.

But the contract was signed regardless, unaffected by the comments, which caused one registrar, NameCheap, to describe the process as a “sham”.

With this apparently specific reference to “base” agreements coming so soon thereafter, it’s easy to see how we could have assumed ICANN had decided to cut off public comment on these contentious issues altogether, but that appears to not be the case.

What this seems to mean is that when .com next comes up for renewal, it will be open for comment.

New gTLDs slip again in Q1

The number of domains registered in new gTLDs slipped again in the first quarter, but it was not as bad as it could have been.

Verisign’s latest Domain Name Industry Brief, out today, reports that new gTLD domains dropped by 800,000 sequentially to end March at a round 23.0 million.

It could have been worse.

New gTLD regs in Q1 were actually up compared to the same period last year, by 2.8 million.

That’s despite the fact that GRS Domains, the old Famous Four portfolio, has lost about three million domains since last August.

Verisign’s own .com was up sequentially by two million domains and at 141 million, up by 7.1 million compared to Q1 2018. But .net’s decline continued. It was down from 14 million in December to 13.8 million in March.

Here’s a chart (click to enlarge) that may help visualize the respective growth of new gTLDs and .com over the last three years. The Y axes are in the millions of domains.

.com v new gs

New gTLDs have shrunk sequentially in six of the last 12 quarters, while .com has grown in all but two.

The ccTLD world, despite the woes reported by many European registries, was the strongest growth segment. It was up by 2.5 million sequentially and 10 million compared to a year ago to finish the period with 156.8 million.

But once you factor out .tk, the free TLD that does not delete expired or abusive names, ccTLDs were up by 1.4 million sequentially and 7.8 million on last year.

These 27 companies have ditched the .com for their dot-brand

Earlier today, I listed what I believe might be the top 10 dot-brand gTLDs with the most active web sites, but noted that it was probably a rubbish way to gauge the success of the dot-brand concept.

As a follow-up, I thought I’d figure out which brands have taken the bold step of ditching the .com and made their dot-brand their primary web destination.

I found 27 TLDs, which is simultaneously not a lot and easily twice as many as I was expecting.

The most-popular second-level string was “home”, with 12 examples. The string “global” occurs five times on the list.

I did this research manually with Google and a list of 275 dot-brands — anything with Spec 13 in its contract and more than two domains in its zone file — culled from my database.

To get on this list, at least one of the following had to be true:

  • The dot-brand was the top hit on Google when searching for the brand in question.
  • The .com redirects to the dot-brand.

Sometimes I had to factor out Google’s enormously irritating habit of localizing results, which would prioritize a .uk domain, particularly in the case of automotive brands.

On a few occasions, if I could not be certain whether the “official” primary site was in a ccTLD or the dot-brand, I used the brand’s Wikipedia page as a tie-breaker.

Some entries on the list may be a bit debatable.

I’m not sure whether .barclays should be there, for example. There’s little doubt in my mind that barclays.co.uk is the site that the majority of Barclays’ banking customers use, but barclays.com redirects visitors to home.barclays, so it fits my criteria.

In general, I’ve erred on the side of caution. If the top search result was for the brand’s .com, it was immediately ruled out, no matter how enthusiastic a dot-brand user the company otherwise appeared to be.

Here’s the list. Please let me know if you think I’ve missed any.

TLDBrand2LD
bnpparibasBNP Paribasgroup
bradescoBanco Bradesco S.A.banco
canonCanon Inc.global
cernEuropean Organization for Nuclear Research (CERN)home
cuisinellaSALM S.A.S.ma
dhlDeutsche Post AGlogistics
fageFage International S.A.home
hisamitsuHisamitsu Pharmaceutical Co.,Inc.global
ipirangaIpiranga Produtos de Petroleo S.A.portal
komatsuKomatsu Ltd.home
kpmgKPMG International Cooperativehome
locusLocus Analytics LLChome
neustarNeuStar, Inc.home
pictetPictet Europe S.A.group
pioneerPioneer Corporationglobal
praxiPraxi S.p.A.praxi
sandvikSandvik ABhome
saxoSaxo Bank A/Shome
schmidtSALM S.A.S.home-design
senerSener Ingeniería y Sistemas, S.A.ingenieriayconstruccion
toyotaToyota Motor Corpglobal
warmanWeir Group IP Limitedhome*
weberSaint-Gobain Weber SAhome
weirWeir Group IP Limitedglobal

Twenty-seven gTLDs is not a great many, of course, considering that some dot-brands have been delegated for half a decade already.

It’s about half as many as have already torn up their ICANN registry agreements, and it represents less than 6% of the new gTLDs that my database says have Spec 13 in their contracts.

But I reiterate that this is not a list of companies using their dot-brands but rather of those apparently putting their .com firmly in the back seat to their dot-brand.

.com zone tops 140 million

The .com zone file passed the 140 million domain milestone for the first time today.

According to Verisign’s own count, today there are 140,016,726 .com names in the file. Yesterday, it had 139,979,307 names.

It’s taken since November 2017 to add the last 10 million names.

Adding registered names not in the zone, what Verisign calls its “Domain Name Base”, .com is currently at 141,857,360 domains.

Meanwhile, .net is continuing to shrink.

It has 13,441,748 names in its zone today, down from an October 2016 peak of over 15.8 million.

The .net domain name base is 13,668,548.

Pretty soon, if the slide continues, Verisign won’t be able to round up to 14 million in its quarterly reports any more.

ICA rallies the troops to defeat .org price hikes. It won’t work

Kevin Murphy, April 25, 2019, Domain Registries

Over 100 letters have been sent to ICANN opposing the proposed lifting of price caps in .org, after the Internet Commerce Association reached out to rally its supporters.

This is an atypically large response to an ICANN public comment period, and there are four days left on the clock for more submissions to be made, but I doubt it will change ICANN’s mind.

Almost all of the 131 comments filed so far this month were submitted in the 24 hours after ICA published its comment submission form earlier this week.

About a third of the comments comprise simply the unedited ICA text. Others appeared to have been inspired by the campaign to write their own complaints about the proposal, which would scrap the 10%-a-year .org price increase cap Public Interest Registry currently has in place.

Zak Muscovitch, ICA’s general counsel, told DI that as of this morning the form generates different template text dynamically. I’ve spotted at least four completely different versions of the letter just by refreshing the page. This may make some comments appear to be the original thoughts of their senders.

This is the original text, as it relates to price caps:

I believe that legacy gTLDs are fundamentally different from for-profit new gTLDs. Legacy TLDs are essentially a public trust, unlike new gTLDs which were created, bought and paid for by private interests. Registrants of legacy TLDs are entitled to price stability and predictability, and should not be subject to price increases with no maximums. Unlike new gTLDs, registrants of legacy TLDs registered their names and made their online presence on legacy TLDs on the basis that price caps would continue to exist.

Unrestrained price increases on the millions of .org registrants who are not-for-profits or non-profits would be unfair to them. Unchecked price increases have the potential to result in hundreds of millions of dollars being transferred from these organizations to one non-profit, the Internet Society, with .org registrants receiving no benefit in return. ICANN should not allow one non-profit nearly unlimited access to the funds of other non-profits.

The gist of the other texts is the same — it’s not fair to lift price caps on domains largely used by non-profits that may have budget struggles and which have built their online presences on the old, predictable pricing rules.

The issues raised are probably fair, to a point.

Should the true “legacy” gTLDs — .com, .net and .org — which date from the 1980s and pose very little commercial risk to their registries, be treated the same as the exceptionally risky gTLD businesses that have been launched since?

Does changing the pricing rules amount to unfairly moving the goal posts for millions of registrants who have built their business on the legacy rules?

These are good, valid questions.

But I think it’s unlikely that the ICA’s campaign will get ICANN to change its mind. The opposition would have to be broader than from a single interest group.

First, the message about non-profits rings a bit hollow coming from an explicitly commercial organization whose members’ business model entails flipping domain names for large multiples.

If a non-profit can’t afford an extra 10 bucks a year for a .org renewal, can it afford the hundreds or thousands of dollars a domainer would charge for a transfer?

Even if PIR goes nuts, abandons its “public interest” mantra, and immediately significantly increases its prices, the retail price of a .org (currently around $20 at GoDaddy, which has about a third of all .orgs) would be unlikely to rise to above the price of PIR-owned .ong and .ngo domains, which sell for $32 to $50 retail.

Such an increase might adversely affect a small number of very low-budget registrants, but the biggest impact will be felt by the big for-profit portfolio owners: domainers.

Second, letter-writing campaigns don’t have a strong track record of persuading ICANN to change course.

The largest such campaign to date was organized by registrars in 2015 in response to proposals, made by members of the Privacy and Proxy Services Accreditation Issues working group, that would have would have essentially banned Whois privacy for commercial web sites.

Over 20,000 people signed petitions or sent semi-automated comments opposing that recommendation, and ICANN ended up not approving that specific proposal.

But the commercial web site privacy ban was a minority position written by IP lawyers, included as an addendum to the group’s recommendations, and it did not receive the consensus of the PPSAI working group.

In other words, ICANN almost certainly would not have implemented it anyway, due to lack of consensus, even if the public comment period had been silent.

The second-largest public comment period concerned the possible approval of .xxx in 2010, which attracted almost 14,000 semi-automated comments from members of American Christian-right groups and pornographers.

.xxx was nevertheless approved less than a year later.

ICANN also has a track record of not acceding to ICA’s demands when it comes to changes in registry agreements for pre-2012 gTLDs.

ICA, under former GC Phil Corwin, has also strongly objected to similar changes in .mobi, .jobs, .cat, .xxx and .travel over the last few years, and had no impact.

ICANN seems hell-bent on normalizing its gTLD contracts to the greatest extent possible. It’s also currently proposing to lift the price caps on .biz and .info.

This, through force of precedent codified in the contracts, could lead to the price caps one day, many years from now, being lifted on .com.

Which, let’s face it, is what most people really care about.

Info on the .org contract renewal public comment period can be found here.

KPMG dumps .com for dot-brand gTLD

Kevin Murphy, April 12, 2019, Domain Registries

KPMG has become the latest company to dump its .com domain in favor of its dot-brand gTLD.

The company recently announced that it is now using home.kpmg as its primary web site domain, replacing kpmg.com.

The migration appears to be complete already. URLs on the old .com address now bounce users to the equivalent page on .kpmg. Web searches for KPMG return the .kpmg domain as the top hit.

KPMG said in a press release:

The move enhances the KPMG brand through a strong, simplified name, and provides end users with a level of assurance that any site that ends with .kpmg is owned and operated by KPMG.

Since the top level domain can only be used by KPMG, visitors to sites that use the new top level domain can easily confirm its authenticity and be assured that the information they contain is reliable and secure.

The company said that it is the first of the “Big Four” professional services firms to make the switch.

This is technically correct. Rival Deloitte uses several .deloitte domains, but it has not bit the bullet and migrated from its .com.

Of the other two, Ernst & Young does not have a dot-brand, and PricewaterhouseCoopers does not use its .pwc extension beyond a single experimental domain that redirects to pwc.com.

KPMG had revenue just shy of $29 billion last year and is one of the most recognizable brands in the corporate world.

.com outsells new gTLDs by 2:1 in 2018

The number of registered .com domains increased by more than double the growth of all new gTLDs last year, according to figures from Verisign.

The latest Domain Name Industry Brief reports that .com grew by 7.1 million names in 2018, while new gTLDs grew by 3.2 million names.

.com ended the year with 139 million registered names, while the whole new gTLD industry finished with 23.8 million.

It wasn’t all good news for Verisign, however. Its .net gTLD shrunk by 500,000 names over the period, likely due to the ongoing impact of the new gTLD program.

New gTLDs now account for 6.8% of all registered domains, compared to 6.2% at the end of 2017, Verisign’s numbers state.

Country codes fared better than .com in terms of raw regs, growing by 8.2 million domains to finish 2018 with 154.3 million names.

But that’s including .tk, the free ccTLD where dropping or abusive domains are reclaimed and parked by the registry and never expire.

Excluding .tk, ccTLDs were up by 6.6 million names in the year. Verisign estimates .tk as having a modest 21.5 million names.

The latest DNIB, and quarterly archives, can be downloaded from here.

Verisign gets approval to sell O.com for $7.85

ICANN is to grant Verisign the right to sell a single-character .com domain name for the first time in over 25 years.

The organization’s board of directors is due to vote next Thursday to approve a complex proposal that would see Verisign auction off o.com, with almost all of the proceeds going to good causes.

“Approval of Amendment to Implement the Registry Service Request from Verisign to Authorize the Release for Registration of the Single-Character, Second-Level Domain, O.COM” is on the consent agenda for the board’s meeting at the conclusion of ICANN 64, which begins Saturday in Kobe, Japan.

Consent agenda placement means that there will likely be no further discussion — and no public discussion — before the board votes to approve the deal.

Verisign plans to auction the domain to the highest bidder, and then charge premium renewal fees that would essentially double the purchase price over a period of 25 years.

But the registry, already under scrutiny over its money-printing .com machine, would be banned from profiting from the sale.

Instead, Verisign would only receive its base registry fee — currently $7.85 per year — with the rest being held by an independent third party that would distribute the funds to worthy non-profit causes.

ICANN had referred the Verisign proposal, first put forward in December 2016, to the US government, and the Department of Justice gave it the nod in December 2017.

There was also a public comment period last May.

The request almost certainly came about due to Overstock.com’s incessant lobbying. The retailer has been obsessed with obtaining o.com for well over a decade, but was hamstrung by the legacy policy, enshrined in the .com registry agreement, that forbids the sale of single-character domains.

Whoever else wants to buy o.com, they’ll be bidding against Overstock, which has a trademark.

It’s quite possible nobody else will bid.

When Overstock briefly rebranded as O.co several years ago — it paid $350,000 for that domain — it said it saw 61% of its traffic going to o.com instead.

All single-character .com names that had not already been registered were reserved by IANA for technical reasons in 1993, well before ICANN took over DNS policy.

Today, only q.com, z.com and x.com are registered. Billionaire Elon Musk, who used x.com to launch PayPal, reacquired that domain for an undisclosed sum in 2017. GMO Internet bought z.com for $6.8 million in 2014.

With the sale of o.com now a near certainty, it is perhaps only a matter of time before more single-character .com names are also released.

No gTLD approved after 2012 has a restriction on single-character domains.

As a matter of disclosure: several years ago I briefly provided some consulting/writing services to a third party in support of the Verisign and Overstock positions on the release of single-character domain names, but I have no current financial interest in the matter.

Phishing still on the decline, despite Whois privacy

Kevin Murphy, March 5, 2019, Domain Policy

The number of detected phishing attacks almost halved last year, despite the fact that new Whois privacy rules have made it cheaper for attackers to hide their identities.

There were 138,328 attacks in the fourth quarter of 2018, according to the Anti-Phishing Working Group, down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.

That’s a huge decline from the start of the year, which does not seem to have been slowed up by the introduction in May of the General Data Protection Regulation and ICANN’s Temp Spec, which together force the redaction of most personal data from public Whois records.

The findings could be used by privacy advocates to demonstrate that Whois redaction has not lead to an increase in cybercrime, as their opponents had predicted.

But the data may be slightly misleading.

APWG notes that it can only count the attacks it can find, and that phishers are becoming increasingly sophisticated in how they attempt to avoid detection. The group said in a press release:

There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site.

It also speculates that criminals once involved in phishing may have moved on to “more specialized and lucrative forms of e-crime”.

The Q4 report (pdf) also breaks down phishing attacks by TLD, though comparisons here are difficult because APWG doesn’t always release this data.

The group found .com to still have the most phishing domains — 2,098 of the 4,485 unique domains used in attacks, or about 47%. According to Verisign’s own data, .com only has 40% market share of total registered domains.

But new, 2012-round gTLDs had phishing levels below their market share — 4.95% of phishing on a 6.83% share. This is actually up compared to the 3% recorded by APWG in Q3 2017, the most recent available data I could find.

Only two of the top 20 most-abused TLDs were new gTLDs — .xyz and .online, which had just 70 attack domains between them. That’s good news for .xyz, which in its early days saw 10 times as much phishing abuse.

After .com, the most-abused TLD was .pw, the ccTLD for Palau run by Radix as an unrestricted pseudo-gTLD. It had 374 attack domains in Q4, APWG said.

Other ccTLDs with relatively high numbers included several African zones run as freebies by Freenom, as well as the United Kingdom’s .uk and Brazil’s .br.

Phishing is only one form of cybercrime, of course, and ICANN’s own data shows that when you take into account spam, new gTLDs are actually hugely over-represented.

According to ICANN’s inaugural Domain Abuse Activity Reporting report (pdf), which covers January, over half of cybercrime domains are in the new gTLDs.

That’s almost entirely due to spam. One in 10 of the threats ICANN analyzed were spam, as identified by the likes of SpamHaus and SURBL. DAAR does not include ccTLD data.

The takeaway here appears to be that spammers love new gTLDs, but phishers are far less keen.

ICANN did not break down which gTLDs were the biggest offenders, but it did say that 52% of threats found in new gTLDs were found in just 10 new gTLDs.

This reluctance to name and shame the worst offenders prompted one APWG director, former ICANN senior security technologist Dave Piscitello, to harshly criticize his former employer in a personal blog post last month.