Latest news of the domain name industry

Recent Posts

VeriSign yanks domain seizure power request

Kevin Murphy, October 13, 2011, Domain Registries

That was quick.

VeriSign has withdrawn its request for new powers to delete domain names being used for abusive purposes, just a few days after filing it with ICANN.

The company had proposed a policy that would give law enforcement the ability to seize .com and .net names apparently without a court order, and a new malware scanning service.

The former came in for immediate criticism from groups including the American Civil Liberties Union and the Electronic Frontier Foundation, while the latter appeared to have unnerved some registrars.

But now both proposals have been yanked from ICANN’s Registry Services Evaluation Process queue.

This is not without precedent. Last year, VeriSign filed for and then withdrew requests to auction off one-letter .net names and a “Domain Name Exchange” service that looked a bit like domain tasting.

Both came in for criticism, and have not reappeared.

Whether the latest abuse proposals will make a reappearance after VeriSign has had time to work out some of the more controversial kinks remains to be seen.

Should .com get a thick Whois?

Kevin Murphy, September 23, 2011, Domain Registries

The ICANN community has taken another baby step towards pushing VeriSign into implementing a “thick” Whois database for .com and .net domain names.

The GNSO Council yesterday voted to ask ICANN to prepare an Issue Report exploring whether to require “all incumbent gTLDs” to operate a thick Whois. Basically, that means VeriSign.

The .com and .net registries currently run on a “thin” model, whereby each accredited registrar manages their own Whois databases.

Most other gTLDs today run thick registries, as will all registries approved by ICANN under its forthcoming new gTLDs program.

The thinness of .com can cause problems during inter-registrar transfers, when gaining and losing registrars have no central authoritative database of registrant contact details to rely upon.

In fact, yesterday’s GNSO vote followed the recommendations of a working group that decided after much deliberation that a thick .com registry may help reduce bogus or contested transfers.

Trusting registrars to manage their own Whois is also a frequent source of frustration for law enforcement, trademark interests and anti-spam firms.

Failure to maintain a functional web-based or port 43 Whois interface is an often-cited problem when ICANN’s compliance department terminates rogue registrars.

Now that an Issue Report has been requested by the GNSO, the idea of a thick .com moves closer to a possible Policy Development Process, which in turn can create binding ICANN consensus policies.

There’s already a clause in VeriSign’s .com registry agreement that gives ICANN the right to demand that it creates a centralized Whois database.

Switching to a thick model would presumably not only transfer responsibility to VeriSign, but also cost and liability, which is presumably why the company seems to be resisting the move.

Don’t expect the changes to come any time soon.

Writing the Issue Report is not expected to be a priority for ICANN staff, due to their ongoing chronic resource problems, and any subsequent PDP could take years.

The alternative – for ICANN and VeriSign to come to a bilateral agreement when the .com contract comes up for renewal next year – seems unlikely given that ICANN did not make a similar requirement when .net was renegotiated earlier this year.

VeriSign to raise .com and .net prices again

VeriSign has announced price increases for .com and .net domain name registrations.

From January 15, 2012, .com registry prices will increase from $7.34 to $7.85 and .net fees will go up from $4.65 to $5.11.

That’s a 10% increase for .net and a 7% increase for .com, the maximum allowable under its registry agreements with ICANN.

As ever, registrants have six months to lock down their domains at current pricing by renewing for periods of up to 10 years.

The last time VeriSign raised prices, also by 7% and 10%, the higher prices became effective a year ago, July 2010.

VeriSign’s contract for .net was renewed last month after it was approved by the ICANN board of directors.

Its .com contract comes up for renewal next year.

Feds seize billion-dollar poker domains

Kevin Murphy, April 15, 2011, Domain Policy

Five domain names associated with online poker sites have been seized by the FBI as part of an investigation that has also seen 11 people indicted.

The principals of PokerStars, Absolute Poker and Full Tilt Poker, along with third-party “payment processors”, stand accused of engaging in a massive money laundering scheme in order to accept billions of dollars of payments from American gamblers in violation of US laws.

The charges carry possible maximum sentences of between five and 30 years in prison, along with substantial monetary fines. Two men have been arrested, a third is due to be arraigned, and the remainder are currently outside of the US, according to a press release (pdf).

The US Attorney for the Southern District of New York said five domain names have been seized by the FBI in connection with the prosecutions.

It’s not yet clear which domains have been seized.

From where I’m sitting in London, absolutepoker.com already shows an FBI warning banner, but pokerstars.com and fulltiltpoker.com both resolve normally. I may be receiving cached DNS data.

Blogger Elliot Silver, sitting behind a resolver on the other side of the pond, reports that ub.com is among the seized domains.

Unlike previous recent seizures, which were carried out by the US Immigration and Customs Enforcement agency, this time the FBI appears to be the responsible agency.

And this time, these aren’t two-bit file-sharing forums or Chinese knock-off merchandise sites, we’re talking about businesses that are perfectly legal in many jurisdictions, clearing billions in revenue.

But according to US Attorney’s charges, the companies carried out an elaborate plan to cover up the sources of their revenue through third parties and phoney bank accounts.

The companies are even alleged to have made multi-million dollar investments in failing banks in order to get them to turn a blind eye to the illicit gambling activities.

It appears that the FBI went straight to the .com registry, VeriSign, as some of the affected domains appear to be registered through UK-based corporate registrar Com Laude.

If you’re wondering whether this is yet another confirmation that all .com domains are subject to US jurisdiction, this is your takeaway sentence, from Manhattan US Attorney Preet Bharara:

Foreign firms that choose to operate in the United States are not free to flout the laws they don’t like simply because they can’t bear to be parted from their profits.

The suits seek $3 billion in allegedly ill-gotten gains to be returned.

Domain security arrives in .com

Kevin Murphy, April 1, 2011, Domain Tech

VeriSign announced late yesterday that it has fully implemented DNSSEC in .com, meaning pretty much anyone with a .com domain name can now implement it too.

DNSSEC is a domain-crypto protocol mashup that allows web surfers, say, to trust that when they visit wellsfargo.com they really are looking at the bank’s web site.

It uses validatable cryptographic signatures to prevent cache poisoning attacks such as the Kaminsky Bug, the potential internet-killer that caused panic briefly back in 2008.

With .com now supporting the technology, DNSSEC is now available in over half of the world’s domains, due to the size of the .com zone. But registrants have to decide to use it.

I chatted to Matt Larson, VeriSign’s VP of DNS research, and Sean Leach, VP of technology, this afternoon, and they said that .com’s signing could be the tipping point for adoption.

“I feel based on talking to people that everybody has been waiting for .com,” Larson said. “It could open the floodgates.”

What we’re looking at now is a period of gradual adoption. I expect a handful of major companies will announce they’ve signed their .coms, probably in the second half of the year.

Just like a TLD launch, DNSSEC will probably need a few anchor tenants to raise the profile of the technology. Paypal, for example, said it plans to use the technology at an ICANN workshop in San Francisco last month, but that it will take about six months to test.

“Most people have their most valuable domains in the .com space,” said Leach. “We need some of the big guys to be first movers.”

There’s also the issue of ISPs. Not many support DNSSEC today. The industry has been talking up Comcast’s aggressive deployment vision for over a year now, but few others have announced plans.

And of course application developer support is needed. Judging from comments made by Mozilla representatives in San Francisco, browser makers, for example, are not exactly champing at the bit to natively support the technology.

You can, however, currently download plugins for Firefox that validate DNSSEC claims, such as this one.

According to Leach, many enterprises are currently demanding DNSSEC support when they buy new technology products. This could light a fire under reluctant developers.

But DNSSEC deployment will still be slow going, so registries are doing what they can to make it less of a cost/hassle for users.

Accredited registrars can currently use VeriSign’s cloud-based signing service for free on a trial basis, for example. The service is designed to remove the complexity of managing keys from the equation.

I’m told “several” registrars have signed up, but the only one I’m currently aware of is Go Daddy.

VeriSign and other registries are also offering managed DNSSEC as part of their managed DNS resolution enterprise offerings.

Neither of the VeriSign VPs was prepared to speculate about how many .com domains will be signed a year from now.

I have the option to turn on DNSSEC as part of a Go Daddy hosting package. I probably will, but only in the interests of research. As a domain consumer, I have to say the benefits haven’t really been sold to me yet.

VeriSign’s upcoming battle for the Chinese .com

Kevin Murphy, February 16, 2011, Domain Registries

Could VeriSign be about to face off against China for control of the Chinese version of .com? That’s an intriguing possibility that was raised during the .nxt conference last week.

Almost as an aside, auDA chief Chris Disspain mentioned during a session that he believes there are moves afoot in China to apply to ICANN for “company”, “network” and “organization” in Chinese characters. In other words, .com, .net and .org.

I’ve been unable to find an official announcement of any such Chinese application, but I’m reliably informed that Noises Have Been Made.

VeriSign has for several quarters been open about its plans to apply for IDN equivalents of its two flagship TLDs, and PIR’s new CEO Brian Cute recently told me he wants to do the same for .org.

While neither company has specified which scripts they’re looking at, Chinese is a no-brainer. As of this week, the nation is the world’s second-largest economy, and easily its most populous.

Since we’re already speculating, let’s speculate some more: who would win the Chinese .com under ICANN’s application rules, VeriSign or China?

If the two strings were close enough to wind up in a contention set, could VeriSign claim intellectual property rights, on the basis of its .com business? It seems like a stretch.

Could China leapfrog to the end of the process with a community application and a demand for a Community Priority Evaluation?

That also seems like a stretch. It’s not impossible – there’s arguably a “community” of companies registered with the Chinese government – but such a move would likely stink of gaming.

Is there a technical stability argument to be made? Is 公司. (which Google tells me means “company” in Chinese) confusingly similar to .com?

If these TLDs went to auction, one thing is certain: there are few potential applicants with deeper pockets than VeriSign, but China is one of them.

UPDATE: VeriSign’s Pat Kane was good enough to post a lengthy explanation of the company’s IDN strategy in the comments.

VeriSign scores big win in .com pricing lawsuit

Kevin Murphy, February 14, 2011, Domain Registries

VeriSign has successfully had an antitrust lawsuit, which claims the company has been raising .com domain name prices anti-competitively, dismissed by a California court.

While it’s encouraging news if you’re a VeriSign shareholder, the Coalition for ICANN Transparency, which filed the suit, will be allowed to amend and re-file its complaint.

The basis for the dismissal (pdf) goes to the central irony of CFIT – the fact that, despite its noble name, it’s not itself a particularly transparent organization.

CFIT was set up in 2005 in order to sue ICANN and VeriSign over their deal that gave VeriSign the right to raise the price of .com and .net domains, and to keep its registry contracts on favorable terms.

While it was cagey about who was backing the organization, those of us who attended the ICANN meeting in Vancouver that year knew from the off it was primarily a front for Momentous.ca, owner of Pool.com and other domainer services.

In dismissing the case last Friday, Judge Ronald Whyte decided that CFIT’s membership is vague enough to raise a question over its standing to sue on antitrust grounds. He wrote:

By failing to identify its purported members, CFIT has made it impossible to determine whether the members are participants in the alleged relevant markets, or whether they have suffered antitrust injury. Because the [Third Amended Complaint] identifies no members of CFIT, it must be dismissed.

While CFIT had disclosed some time ago Pool.com’s involvement, it recently tried to add uber-domainer Frank Schilling’s Name Administration Inc and iRegistry Corp to the list of its financial supporters.

But Whyte was not convinced that the two companies were CFIT “members” with standing to sue.

Whyte decided that CFIT’s complaint, “fatally fails to allege facts showing that iRegistry or Name Administration were financial supporters or members at the time the complaint was filed”.

He also denied CFIT’s demand for a jury trial.

CFIT wants VeriSign to return all the excess profits it has made on .com registrations since it started raising its prices above $6.

If CFIT were to win, it would severely curtail VeriSign’s ability to grow its registry business, and could lead to billions being wiped off its accounts.

The organization has been given leave to file a fourth amended complaint, so it’s not over yet.

VeriSign launches free cloud domain security service

Kevin Murphy, December 2, 2010, Domain Tech

VeriSign is to offer registrars a hosted DNSSEC signing service that will be free for names in .com and the company’s other top-level domains.

The inventively named VeriSign DNSSEC Signing Service offloads the tasks associated with managing signed domains and is being offered for an “evaluation period” that runs until the end of 2011.

DNSSEC is an extension to DNS that allows domains to be cryptographically signed and validated. It was designed to prevent cache poisoning attacks such as the Kaminsky Bug.

It’s also quite complex, requiring ongoing secure key management and rollover, so I expect the VeriSign service, and competing services, will be quite popular among registrars reluctant to plough money into the technology.

While some gTLDs, including .org, and dozens of ccTLDs, are already DNSSEC-enabled, VeriSign doesn’t plan on bringing the technology online in .com and .net until early next year.

The ultimate industry plan is for all domain names to use DNSSEC before too many years.

One question I’ve never been entirely clear on was whether the added costs of implementing DNSSEC would translate into premium-priced services or price increases at the registrar checkout.

A VeriSign spokesperson told me:

The evaluation period is free for VeriSign-managed TLDs and other TLDs. After that period, the VeriSign-managed TLDs will remain free, but other TLDs will have $2 per zone annual fee.

In other words, registrars will not have to pay to sign their customers’ .com, .net, .tv etc domains, but they will have to pay if they choose to use the VeriSign service to sign domains in .biz, .info or any other TLD.

Nominet study reveals advertisers’ favorite TLDs

Kevin Murphy, November 4, 2010, Domain Registries

Domains ending in .uk are more popular among advertisers in the UK than .com domains, but not massively so, according to research published today by Nominet, the .uk registry.

A study of 10,000 UK ads found that 65% of them contained a URL, and that 55% of those was a .uk, compared to 42% that were .com names.

I find that first number quite surprising – why are 35% of advertisers not doing something so simple and risk-free as including their domains in their ads? It doesn’t seem to make much sense.

The break-down between .uk and .com surprises me less. In my experience on both sides of the Atlantic, fewer Brits than Americans think of .com as a purely US-oriented TLD.

We share a language after all, and the pervasiveness of the phrase “dot-com” in the late 1990s saw many big British online brands, such as LastMinute.com, opt for generic domains.

Interestingly, Nominet also managed to uncover a correlation between how business-focussed a publication was and use of .com domains over .uk.

Computer Weekly, a trade publication, had .uk addresses in only 33% of its ads, while Computer Shopper, a consumer publication, had them 64% of the time.

At the two extremes, news weekly The Economist had .coms in 82% of its ads, while Auto Express ads were 80% .uk addresses. The average across all magazines was 60% in favor of .uk.

It’s the most comprehensive study of .com versus .uk I’ve read, containing far too many statistics to enumerate here, but it’s also a quick read. It can be downloaded here.

VeriSign to deploy DNSSEC in .com next March

Kevin Murphy, October 29, 2010, Domain Tech

VeriSign is to start rolling out the DNSSEC security protocol in .net today, and will sign .com next March, the company said today.

In an email to the dns-ops mailing list, VeriSign vice president Matt Larson said that .net will get a “deliberately unvalidatable zone”, which uses unusable dummy keys for testing purposes, today.

That test is set to end on December 9, when .net will become fully DNSSEC-compatible.

The .com TLD will get its own unvalidatable zone in March, but registrars will be able to start submitting cryptographic keys for the domains they manage from February.

The .com zone will be validatable later in March.

The DNSSEC standard allows resolvers to confirm that DNS traffic has not been tampered with, reducing the risk of attacks such as cache poisoning.

Signing .com is viewed as the last major registry-level hurdle to jump before adoption kicks off more widely. The root zone was signed in July and a few dozen other TLDs, such as .org, are already signed.