Latest news of the domain name industry

Recent Posts

CentralNic seeing no impact from coronavirus

CentralNic, the triple-play domain company, has told the markets that the coronavirus pandemic is not having an impact on its financial health.

In a statement yesterday, the company said:

To date, CentralNic has not experienced interruptions in its services to customers or in its supply chain, and the Company confirms that its current trading is in line with market expectations.

CentralNic’s business is expected to remain resilient. Its services are procured and delivered over the internet, and the majority of CentralNic’s revenues are payments from existing subscribers and customers on rolling contracts. The Company’s core product is the sale of domain names, which are core infrastructure that enable the functioning of email and websites — the most important communication tools used between work colleagues working remotely and between companies and their customers.

The company makes most of its money from the retail side of the industry nowadays, largely via a network of thousands of resellers, but it also runs its own TLD registries and acts as a back-end for some high-volume TLDs such as .xyz.

It expects to report its 2019 financial results and a summary of its Q1 performance a few weeks from now.

ICANN expects “significant” budget impact from coronavirus

Kevin Murphy, April 7, 2020, Domain Policy

The ongoing coronavirus pandemic is expected to have a “significant” impact on ICANN’s budget, according to an update from the organization.

The organization published its expectations of a $140.4 million budget for the fiscal year that begins this July last December, and opened it up for public comments.

In its summary of those comments (pdf), which had a February 25 deadline and therefore were not focused on the pandemic’s potential impact, ICANN said:

the COVID-19 pandemic is affecting significantly the entire world. ICANN expects that its activities and financial position will be significantly impacted as well. The ICANN org is working with the Board to assess and monitor the potential impact to ICANN’s funding, and planned work such as face-to-face meetings, travel, etc.

Any pandemic-related changes to the budget will be published prior to board approval, ICANN said.

So where is ICANN expecting the impact? It’s not entirely clear. I would expect to see some minor gains from slashing its travel budget in the wake of social distance rules, but it’s less obvious where a “significant” shortfall could occur.

ICANN had operational revenue — the money it gets from billing registries and registrars — of $136.8 million in the fiscal year ending June 30, 2019, its most recently reported year (pdf).

Of that total, roughly $56 million came from the market leaders in both segments, Verisign and GoDaddy, both of which have been given glowing analyst coverage since the outbreak began.

One commentator recently wrote that Verisign is “immune” from coronavirus and GoDaddy’s CFO told analysts just last week that he expects the impact of coronavirus to be “minimal” in the first quarter. That could of course change in future.

Almost half of ICANN’s revenue, some $65.7 million, comes from the top 10 registries and registrars.

So is ICANN expecting to see weakness in the long tail, the few thousand accredited registrars and gTLD registries that account for under $1 million in ICANN contributions per year? Is it expecting reduced voluntary contributions from the ccTLDs and Regional Internet Registries?

Will coronavirus cause huge numbers of small businesses to abandon their domains as they go out of business? Will it inspire large numbers of the recently unemployed and quarantined to start up web-based businesses in an attempt to put food on the table? Will it cause large portfolio owners to downsize to save costs?

All of these outcomes seem possible, but these are unprecedented times, and I couldn’t being to guess how it will play out.

Namecheap and others banning coronavirus domains

Kevin Murphy, March 26, 2020, Domain Registrars

Anyone wanting to buy a coronavirus-related domain for scamming purposes won’t be able to do it via Namecheap, which has preemptively banned keyword domains on its storefront.

For the last several days, the registrar has rejiggered its web site to prevent customers adding domains containing certain keywords — such as “coronavirus” or “covid” or “vaccine” — to their shopping carts.

The company said today that customers wishing to register such domains for legitimate purposes can continue to do so by calling up Namecheap customer service and having the name registered manually.

CEO Richard Kirkendall said in an email to customers that Namecheap is also “actively working with authorities to both proactively prevent, and take down, any fraudulent or abusive domains or websites related to COVID19”.

A GoDaddy spokesperson told DI this week that it has also taken down domains when alerted to their usage as coronavirus scams.

Meanwhile, .uk registry Nominet said that it has added keywords such as “coronavirus” and “covid” to its Domain Watch initiative, the same semi-automated system it uses to flag and suspend phishing and “rape” domains preemptively at point of registration. Nominet said:

Those that look suspicious — based on our algorithm and then a manual check — are suspended until we see evidence of good intentions from the registrants.

So far, we have suspended over 180 domains while we conduct this extra due diligence. A small proportion responded to our satisfaction and had their domain names reactivated. It’s highly likely that those who did not respond were intending to use their domains to manipulate a public in need of information.

Another domain company taking action is aftermarket site Dan.com, which today said on Twitter that it will remove all coronavirus related domains from its marketplace.

Namecheap is also offering some customers payment flexibility when it comes to some products — largely non-domain products such as hosting — if they can convince customer service reps of their coronavirus-related financial hardship.

“I urge you not to abuse this offer, please allow it to be used by those who need it most, who are otherwise unable to pay,” Kirkendall wrote.

Verisign, the .com registry, yesterday hinted that it will be offering its registrars some similar flexibility, which one assumes could be passed on to registrants.

Go here to help fight against coronavirus abuse

Kevin Murphy, March 26, 2020, Domain Tech

A coalition of over 1,000 security experts, domain name providers and others have got together to help coordinate efforts to combat abusive coronavirus-related domains.

A workspace on the collaboration platform Slack has been growing steadily since it was created a week ago, enabling technology professionals to exchange information about the alarming number of sites currently trying to take advantage of the pandemic.

You can join the channel via this link. Thanks to Theo Geurts of RealtimeRegister.com for passing it along.

The collection of chat rooms appears to have been created by Joshua Saxe, chief scientist at security software firm Sophos, March 19. There are currently 1,104 members.

There’s a channel devoted to malicious domains, which is being used to share statistical data and lists of bad and good coronavirus-related domains, among other things.

Across the workspace, a broad cross-section of interested parties is represented. Current members appear to come from security companies, governments, law enforcement, registries, registrars, ICANN, healthcare providers, and others.

It seems like a pretty good way for the technical members of the domain name industry to keep track of what’s going on during the current crisis, potentially helping them to put a stop to threats using domains they manage as they emerge.

As it releases free download, DomainTools says 68,000 dangerous coronavirus domains have been registered

Kevin Murphy, March 26, 2020, Domain Services

More than 68,000 coronavirus-related domain names have been registered so far in 2020, according to data released by DomainTools today.

The domain intelligence services company has started publishing a list of these domains, updated daily, for free on its web site. You have to submit your email address to get it.

The download comprises a CSV file with three columns: domain, reg date, and Domain Risk Score.

This final field is based on DomainTools’ in-house algorithms that estimate how likely domains are likely to be used in nefarious activities, based on criteria including the domain’s connection to other, known-bad domains.

Only domains with a score of 70 or above out of 100 — indicating they will likely be used for activities such as phishing, malware or spam — will be included on the list, the company said.

The list will be updated daily at 0000 UTC.

You can find out more and obtain today’s list here.

No .com price increases this year. Thanks, coronavirus!

Kevin Murphy, March 26, 2020, Domain Registries

Verisign won’t increase prices on .com or any of its other TLDs this year.

The promise comes as part of a package of coronavirus-related measures the company announced on its blog yesterday. Verisign said:

In order to support individuals and small businesses affected by this crisis, Verisign will freeze registry prices for all of our Top-Level Domains (TLDs), including .com and .net, through the end of 2020. In addition, we will soon deploy a program, available to all retail registrars, to provide support and assistance for domain name registrants whose domain names will be expiring in the coming months.

No additional details on the proposed registrant support program were made available.

The pricing news sounds good, especially for high-volume domain owners such as domainers and trademark owners, but it should be noted that in the case of .com it amounts to a mere two-month price freeze.

Under the terms of its current agreement with ICANN, it can’t raise prices at all. The controversial proposed amendments that recently attracted about 9,000 objections, would reinstate price-raising powers.

However, assuming ICANN approves the new contract, which seems likely, Verisign would only be able to up its fees in the final four years of its six-year deal. The first of those four years begins October 20 this year.

Conceivably, it could have announced a 7% price hike for .com on October 21, but the company has now said that it will not.

Verisign also said yesterday that it’s donating an “initial” $2 million to “first responders and medical personnel in the Northern Virginia area, the United Way’s COVID-19 relief efforts, and the Semper Fi & America’s Fund”.

It is also doubling the funding available to the scheme where it matches employees’ charitable donations, which could increase (and incentivize) giving to coronavirus-related causes.

US officials gunning for coronavirus domains

Kevin Murphy, March 24, 2020, Domain Registrars

US state and federal law enforcement are pursuing domain names being used to push bogus products and misinformation related to coronavirus Covid-19.

In separate actions, the US Department of Justice forced Namecheap to take down a scam site that was allegedly using fear of coronivirus to hoodwink visitors out of their cash, while the New York Attorney General has written to registrars to demand they take action against similar domains.

The DoJ filed suit (pdf) against the anonymous “John Doe” registrant of coronavirusmedicalkit.com on Saturday and on Sunday obtained a temporary restraining order obliging Namecheap to remove the DNS from the domain and lock it down, which Namecheap seems to have done.

Namecheap is not named as a defendant, but the complaint notes that the DoJ had requested the domain be taken down on March 19 and no action had been taken by the evening of March 21.

The web site in question allegedly informed visitors that the World Health Organization was giving away free coronavirus vaccines to anyone prepared to pay a $4.95 shipping fee by handing over their credit card details.

This is an identity theft scam and wire fraud, the complaint says.

Meanwhile, NYAG Letitia James has sent letters, signed by IT chief Kim Berger, to several large US registrar groups — including GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance — to ask them to “stop the registration and use of internet domain names by individuals trying to unlawfully and fraudulently profit off consumers’ fears around the coronavirus disease”.

In the letter to GoDaddy (pdf), Berger asks for a “dialogue” on the following preventative measures:

  • The use of automated and human review of domain name registration and traffic patterns to identify fraud;
  • Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints;
  • Revising your terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains; and
  • De-registration of the domains cited in the articles identified above that were registered at GoDaddy, and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains.

In other words: try to stop these domains being registered, and take them down if they are.

No specific malicious sites are listed in the letter. Rather, Berger cites a study by Check Point Software that estimates that something like 3% of the more than 4,000 coronavirus-related domains registered between January and March 5 are “malicious” in nature.

Nominet to intercept dangerous coronavirus domains

Kevin Murphy, March 24, 2020, Domain Registries

Nominet, the .uk registry, will start providing informational landing pages when it suspends domains for criminal behavior including coronavirus-related scams.

The company already suspends tens of thousands of domains every year at the request of law enforcement agencies.

The vast majority are related to intellectual property infringement such as counterfitting and piracy. A substantially smaller number are suspended due to the sale of fake pharmaceuticals.

Rather than Nominet suspending these domains, stopping them resolving, they will now instead resolve to landing pages “providing consumer advice and education”.

It’s similar to how the FBI handles domains it has seized during criminal investigations in the US, but Nominet says it’s the first example in the world of such a program being rolled out by a registry.

The first LEAs taking part in the program are the Medicines and Healthcare Products Regulatory Agency and the City of London’s Police Intellectual Property Crime Unit.

While Nominet pitched the news as coronavirus-related, the timing appears to be coincidental.

The company first announced its landing page plan last October, when it was opened to public consultation.

A MHRA spokesperson said in a Nominet press release that suspended domains will redirect to its “#fakemeds website”, which currently has a great deal to say about penis pills but nothing at all to say about coronavirus.

An open question to the domain name industry about coronavirus

Kevin Murphy, March 24, 2020, Domain Policy

“Don’t worry. We’ve done this before.”

That was pretty much the first sentence out of my grandmother’s mouth when I called to wish her a happy Mother’s Day.

She was talking about World War II and the immediate post-war years. She’s 94, so she saw both.

She’s no Uncle Albert. I don’t think I’ve ever heard her talk about “The War” before. Not once. But when her grandson called her for the first time in embarrassing months, that was where her mind went straight away.

They couldn’t get oranges, for years, back then. If you were diabetic, you couldn’t get sugar, but they gave you extra butter instead. She developed an aversion to canned pineapple chunks that persists to this day. She still has her ration book, a souvenir of trying times, squirreled away somewhere.

She was in generally good spirits. She knows that Covid-19, if it gets through the front door of her granny flat, will very likely be the end of her. Her mind is fully intact, but her body is all kinds of fucked up. But she and the family members who bring her food are taking the proper precautions. And, she said, she’s been self-isolating since November anyway. What’s another 12 weeks?

The WWII comparison was not at all surprising to hear, of course. A lot of us have been thinking similar things. The media is currently resplendent with uplifting examples of what we Brits refer to as the “Blitz spirit” — unity and stoicism in the face of overwhelming adversity.

There are significant differences, of course.

The enemy now is not an identifiable political faction with a skull on its cap, but a remorseless, invisible beastie. The Allies are not a collection of like-minded liberal nations, but literally the entire human species.

The baddies don’t want to shoot you. They want to infiltrate your nasal cavity and make you accidentally kill your parents with a hug. You kill them with soap.

Back then, we required young men to travel overseas to kill and potentially die to serve the greater good. We asked the women they left behind to take to the factory floors and work traditionally male jobs. Now, all we ask of them is that they don’t go down the pub on a Saturday night, and apparently sometimes even that’s too big of an ask.

Society is asking me to work from home during the day and do nothing more than watch TV and play Xbox in the evenings. Fine. I can do that. I was doing that anyway. This, apparently, is how my generation gets to save lives.

It doesn’t feel like much of a sacrifice.

Worldwide, people are sitting alone at home, twiddling their thumbs, watching slightly-less-than-hi-def Netflix, and wondering how they can do more to make a positive difference in this civilizational battle.

In the domain industry, we’ve recently seen the Internet Commerce Association attempt to help out people who are financially struggling due to coronavirus with its #DomainAssist Twitter campaign.

I’m not sure how effective it’s going to be, but ICA members have money, are trying to make a difference, and I’m certainly not going to knock them for it.

But there is one battle that the domain industry is uniquely positioned, and maybe even obligated, to fight.

That’s the fight against misinformation.

The World Health Organization started alerting the world to the Covid-19 “infodemic” in early February.

“We’re not just fighting an epidemic; we’re fighting an infodemic,” WHO director-general Tedros Adhanom said at the Munich Security Conference February 15. “Fake news spreads faster and more easily than this virus, and is just as dangerous.”

Hear that? The world’s top doc says that misinformation is just as dangerous as something that could kill your grandmother.

Just as crime flourished in London during the Blitz, 21st century fraudsters have been quick to take advantage of the coronavirus panic.

The fake news ranges from the harmlessly satirical — a quarantined Tom Hanks being supplied with a volleyball for company — to the life-threatening — tales of how ingesting silver, taking cocaine or drinking bleach can protect your from the virus.

In India, fake news is persuading people to drink cow piss.

Some of these scammers are just conspiracy theorists raging against the Big Pharma machine. Others are actively trying to make money hawking bogus and dangerous fake vaccines and cures. In the era of pandemic, they’re just as bad as each other.

It’s serious stuff. An infected person who thinks they’ve ingested the magic cure is less likely to take the proper precautions and more likely to transmit the virus to others, who will transmit it to others, who will transmit it to others… and then a bunch of people die.

So far, the WHO and other health authorities have rightly been focused largely on the social media platforms where the majority of this bogosity spreads.

The likes of Facebook, Twitter and Google have made changes to their usage policies or content-promotion algorithms in response to the crisis.

Twitter has banned tweets that go against the official guidance on reducing the spread of the virus. Facebook is promoting authoritative news sources and fact-checking misinformation. Google searches for coronavirus return curated, science-based info embedded in the results page, and banned coronavirus-related advertising. YouTube is taking down videos peddling dangerous misinformation.

The social media side of the technology industry certainly seems to be backtracking on its usual “we just a neutral platform” stance.

But it’s not just happening on social media. Many of these posts lead to web sites that are harmful. Some are simple frauds and phishing attacks. Others promote fake cures or urge readers to ignore the official science-based advice.

These web sites use domain names. Thousands have been registered in recent weeks.

NewsGuard has identified dozens of web sites that are promoting coronavirus misinformation. Fact-checking sites such as the AFP and Snopes have identified many more.

So here’s my open question, which I pose to every registry, registrar and reseller reading this:

If you are told about a domain name under your management that is publishing dangerous misinformation, will you take it down?

I’d like to think I know the answer to this question already, but I’m not sure I do.

Registries and registrars are notoriously reluctant to act on complaints about the contents of web sites. Many require a court order before taking action.

During peace time, worthy principles such as free speech, privacy, and legal due process all play a role in this kind of decision-making.

The latest version of the Framework to Address DNS Abuse lists four types of content that its dozens of domain-industry signatories “should” (as opposed to “must”) act on — child sex abuse material, illegal opioid sales, human trafficking, and credible incitements to violence.

The underlying principle leading to this list is “the physical and often irreversible threat to human life”.

I’m reminded of the ethical conundrum faced by EasyDNS and CEO Mark Jeftovic back in 2014, when the company changed its usage policies after a guy died due to fake pharma bought via a domain under its management.

“In one case we have people allegedly pirating Honey Boo Boo reruns and on the other we have people dying. We don’t know where exactly, but the line goes somewhere in between there,” Jeftovic wrote at the time.

I don’t wish to pick on EasyDNS or Jeftovic — changing one’s mind in the face of new evidence is an admirable trait — but I think his quote poses the question quite well.

There’s a line where free speech ends and incitement to virological violence begins.

Figuring out where that line is is something the domain name industry is going to have to get to grips with, fast.

More ICANN events cancelled for May

Kevin Murphy, March 20, 2020, Domain Policy

ICANN has cancelled its annual GDD Industry Summit and DNS Symposium, which had been scheduled to take place in Paris, France, in May.

“The decision to cancel these events was made in light of the rapidly evolving COVID-19 virus outbreak and, for the GDD Summit, included conversations with the Contracted Parties House,” ICANN said in a statement.

The two events had been due to take place back to back from May 3 to 6 and May 7 and 8, respectfully.

The GDD event is for commercial members of the domain name industry — registries and registrars — while the Symposium focuses on the technical side of the industry and had planned to focus on DNS security.

It appears that, unlike ICANN 67, neither is being replaced with a virtual meeting.