Latest news of the domain name industry

Recent Posts

Tech giants gunning for AlpNames over new gTLD “abuse”

A small group of large technology companies including Microsoft and Facebook have demanded that ICANN Compliance take a closer look at AlpNames, the budget registrar regularly singled out as a spammers’ favorite.

The ad hoc coalition, calling itself the Independent Compliance Working Party, wrote to ICANN last week to ask why the organization is not making better use of statistical data to bring compliance actions against the small number of companies that see the most abuse.

AlpNames, the Gibraltar-based registrar under common ownership with new gTLD portfolio registry Famous Four Media, is specifically singled out in the group’s letter.

The letter, sourcing the August 2017 Statistical Analysis of DNS Abuse in gTLDs (pdf), says there “is a clear problem with one particular contracted party”.

AlpNames was the registrar behind over half of the new gTLD domains blacklisted by SpamHaus over the study period, for example, the letter states.

The tiny territory of Gibraltar also frequently ranks unusually highly on abuse lists due to AlpNames presence there, the letter and report say.

The ICWP letter also says that the four gTLDs .win, .loan, .top, and .link were used by over three quarters of abusive domains over the SADAG study period.

The letter calls the abuse rates “troublesome” and says:

We are alarmed at the levels of DNS abuse among a few contracted parties, and would appreciate further information about how ICANN Compliance is using available data to proactively address the abusive activity amongst this subset of contracted parties in order to improve the situation before it further deteriorates.

It goes on to wonder whether high levels of unaddressed abuse could amount to violations of new gTLD Registry Agreements and Registrar Accreditation Agreements, and to ask whether there any barriers to ICANN Compliance pursuing breach claims against such potential violations.

The ICWP comprises Adobe, DomainTools, eBay, Facebook, Microsoft and Time Warner. It’s represented by Fabricio Vayra of Perkins Coie.

Other than the letter (pdf), the Independent Compliance Working Party does not appear to have any web presence, and a spokesperson has not yet responded to DI’s request for more information.

The SADAG report also singled out Chinese registrar Nanjing Imperiosus Technology Co, aka DomainersChoice.com, as having particularly egregious levels of abuse, but noted that this abuse disappeared after ICANN terminated its RAA last year.

AlpNames has not to date had any public breach notices issued against it, but this is certainly not the first time it’s been singled out for public censure.

In November last year, ICANN’s Competition, Consumer Trust, and Consumer Choice Review Team (CCT) named it in a report that claimed: “Certain registries and registrars appear to either positively encourage or at the very least willfully ignore DNS abuse.”

AlpNames seems to have been used often by abusers due to its bargain-basement, often sub-$1 prices — making disposable domains more cost effective — and its tool that allowed up to 2,000 domains to be registered simultaneously.

If not actively soliciting abusive behavior, these factors certainly don’t make abuse any more difficult.

Bur will ICANN Compliance take action in response to the criticism leveled by CCT and now ICWP?

The main problem with the ICWP letter, and the SADAG report it is based upon, is that the data it uses is now rather old.

The SADAG report sourced abuse databases only up to January 2017, a time when AlpNames’ total gTLD domains under management was at its peak of around three million names.

Since then, the company has been hemorrhaging DUM, losing hundreds of thousands of domains every month. At the end of November 2017, the most recent data compiled by DI shows that it was down to around 838,000 domains.

It’s quite possible that AlpNames’ customer base is no longer the den of abuse it once was, whether due to natural attrition or a proactive purge of bad actors.

A month ago, in a press release connected with a $5.4 million buy-out of an co-founder, AlpNames chairman Iain Roache said he has a “10-year strategic plan” to turn AlpNames into a “Tier-1” registrar and “bring the competition to the incumbents”.

DomainTools scraps apps and APIs in war on spam

Kevin Murphy, January 22, 2018, Domain Services

DomainTools is to scrap at least five of its services as it tries to crack down spam.

It’s getting rids of its mobile apps, its APIs, and is to stop showing registrants’ personal information to unauthenticated users.

CEO Tim Chen told us in an email at the weekend:

The Android app is no longer supported.

The iOS app will no longer be supported after February 20th.

The Developer API is no longer supported.

On February 20th, the Bulk Parsed Whois tool available to Personal Members will no longer be supported.

On February 20th, our production Whois API will no longer be available to individual membership levels, an Enterprise relationships will be required.

It’s all part of an effort to make sure DomainTools services are not being abused by spammers, which has lead to a dispute with GoDaddy over bulk access to its registrants’ Whois data.

The longstanding problem of new registrants getting spammed with calls and emails offering web hosting and such has escalated over the last few years. Domain Name Wire detailed the scale of the abuse registrants can experience in a post last week.

While to my knowledge nobody has directly accused DomainTools of facilitating such abuse, the scrapped services are the ones that would be most useful to these spammers.

The company is also going to scale back what guest users can see when they do a Whois lookup, and is to make automated scraping of Whois records more difficult for paying members.

In a blog post, Chen wrote last week:

As of today, unauthenticated users of the DomainTools Whois Lookup tool will not see personally identifiable information for the registrant parsed out in the results, and will be required to submit a CAPTCHA to see the full raw domain name Whois record. Phone numbers in the parsed results have been replaced with image files, much the same way emails have always been rendered

As well as hoping to ease relations with GoDaddy — the source of a very heavy chunk of DomainTools’ data — the moves are also part of the company’s strategy for dealing with the incoming General Data Protection Regulation.

This is the EU law that gives registrants more control over the privacy of their personal data.

Chen told us earlier this month that DomainTools is keen to ensure its enterprise-level suite of security products, which he said are vital for security and intellectual property investigations, continue to operatie under the new regime.

About 80% of DomainTools’ revenue comes from its enterprise-level customers, over 500 companies.

GoDaddy and DomainTools scrap over Whois access

Kevin Murphy, January 12, 2018, Domain Registrars

GoDaddy has seriously limited DomainTools’ access to its customers’ Whois records, pissing off DomainTools.

DomainTools CEO Tim Chen this week complained to DI that its access to Whois has been throttled back significantly in recent months, making it very difficult to keep its massive database of domain information up to date.

Chen said that DomainTools is currently only able to access GoDaddy’s Whois over port 43 at about 2% of the rate it had previously.

He said that this has been going on for about six months and that the market-leading registrar has been unresponsive to its requests to have previous levels restored.

“By throttling access to the data by 98% they’re defeating the ability of security practitioners to get data on GoDaddy domains,” Chen said. “It’s particularly troublesome because they [GoDaddy] are such a big part of DNS.”

“We have customers who say the quality of GoDaddy data is just degrading across the board, either through direct look-ups or in some of the DomainTools products themselves,” he said.

DomainTools customers include security professionals trying to hunt down the source of attacks and intellectual property interests trying to locate pirates and cybersquatters.

GoDaddy today confirmed to DI that it has been throttling DomainTools’ Whois access, and said that it’s part of ongoing anti-spam measures.

In recent years there’s been an increase in the amount of spam — usually related to web design, hosting, and SEO — sent to recent domain registrants using email addresses harvested from new Whois records.

GoDaddy, as the market-share leader in retail domain sales, takes a tonne of flak from customers who, unaware of standard Whois practice, think the company is selling their personal information to spammers.

This kind of Twitter exchange is fairly common on GoDaddy’s feed:

While GoDaddy is not saying that DomainTools is directly responsible for this kind of activity, throttling its port 43 traffic is one way the company is trying to counter the problem, VP of policy James Bladel told DI tonight.

“Companies like [DomainTools] present a challenge,” he said. “While we may know these folks, we don’t know who their customers are.”

But that’s just a part of the issue. GoDaddy was also concerned about the amount of resources DomainTools was consuming, and its own future legal responsibilities under the European Union’s forthcoming General Data Protection Regulation.

“When [Chen] says they’re down to a fraction or a percentage of what they had previously, well what they had previously was they were updating and archiving Whois almost in real time,” Bladel said. “And that’s not going to fly.”

“That is not only, we feel, not congruent with our responsibilities to our customers’ data, but it’s also, later on down the road, exactly the kind of thing that GDPR and other regulations are designed to stop,” he said.

GDPR is the EU law that, when it fully kicks in in May, gives European citizens much more rights over the sharing and processing of their private data.

Bladel added that DomainTools is still getting more Whois access than other parties using port 43.

“They have a level of access that is much, much higher than what they would normally have as a registrar,” he said, “but much lower than I think they want, because they want to effectively download and keep current the entirety of the Whois database.”

I’m not getting a sense from GoDaddy that it’s likely to backtrack on its changes.

Indeed, the company also today announced that it from January 25 it will start to “mask” key elements of Whois records when queried over port 43.

GoDaddy told high-value customers such as domainers today that port 43 queries will no longer return the registrant’s first name, last name, email address or phone number.

Bulk Whois users such as registrars (and, I assume, DomainTools) that have been white-listed via the “GoDaddy Port43 Process” will continue to receive full records.

Its web-based Whois, which includes a CAPTCHA gateway to prevent scraping, will continue to function as normal.

Bladel said that these changes are NOT related to GDPR, nor to the fact that ICANN said a couple months back that it would not enforce compliance with Whois provisions of the Registrar Accreditation Agreement, subject to certain conditions.

Big changes at DomainTools as privacy law looms

Kevin Murphy, January 11, 2018, Domain Services

Regular users of DomainTools should expect significant changes to their service, possibly unwelcome, as the impact of incoming European Union privacy law begins to be felt.

Professional users such as domain investors are most likely to be impacted by the changes.

The company hopes to announce how its services will be rejiggered to comply with the General Data Protection Regulation in the next few weeks, probably in February, but CEO Tim Chen spoke to DI yesterday in general terms about the law’s possible impact.

“There will be changes to the levels of service we offer currently, especially to any users of DomainTools that are not enterprises,” Chen said.

GDPR governs how personal data on EU citizens is captured, shared and processed. It deals with issues such as customer consent, the length of time such data may be stored, and the purposes for which it may be processed.

Given that DomainTools’ entire business model is based on capturing domain registrants’ contact information without their explicit consent, then storing, processing and sharing that data indefinitely, it doesn’t take a genius to work out that the new law represents a possibly existential threat.

But while Chen says he’s “very concerned” about GDPR, he expects the use cases of his enterprise customers to be protected.

DomainTools no longer considers itself a Whois company, Chen said, it’s a security services company now. Only about 20% of its revenue now comes from the $99-a-month customers who pay to access services such as reverse Whois and historical Whois queries.

The rest comes from the 500-odd enterprise customers it has, which use the company’s data for purposes such as tracking down network abuse and intellectual property theft.

DomainTools is very much aligned here with the governments and IP lawyers that are pressing ICANN and European data protection authorities to come up with a way Whois data can still be made available for these “legitimate purposes”.

“We’re very focused on our most-important goal of making sure the cyber security and network security use cases for Whois data are represented in the final discussions on how this legislation is really going to land,” he said.

“There needs to be some level of access that is retained for uses that are very consistent with protecting the very constituents that this legislation is trying to protect from a privacy perspective,” he said.

The two big issues pressing on Chen’s mind from a GDPR perspective are the ability of the company to continue to aggregate Whois records from hundreds of TLDs and thousands of registrars, and its ability to continue to provide historical, archived Whois records — the company’s most-popular product after vanilla Whois..

These are both critical for customers responding to security issues or trying to hunt down serial cybersquatters and copyright infringers, Chen said.

“[Customers are] very concerned, because their ability to use this data as part of their incident response is critical, and the removal of the data from that process really does injure their ability to do their jobs,” he said.

How far these use cases will be protected under GDPR is still an open question, one largely to be determined by European DPAs, and DomainTools, like ICANN the rest of the domain industry, is still largely in discussion mode.

“Part of what we need to help DPAs understand is: how long is long enough?” Chen said. “Answering how long this data can be archived is very important.”

ICANN was recently advised by its lawyers to take its case for maintaining Whois in as recognizable form as possible to the DPAs and other European privacy bodies.

And governments, via the Governmental Advisory Committee, recently urged ICANN to continue to permit Whois access for “legitimate purposes”.

DomainTools is in a different position to most of the rest of the industry. In terms of its core service, it’s not a contracted party with ICANN, so perhaps will have to rely on hoping whatever the registries and registrars work out will also apply to its own offerings.

It’s also different in that it has no direct customer relationship with the registrants whose data it processes, nor does it have a contractual relationship with the companies that do have these customer relationships.

This could make the issue of consent — the right of registrant to have a say in how their data is processed and when it is deleted — tricky.

“We’re not in a position to get consent from domain owners to do what we do,” Chen said. “I think where we need to be more thoughtful is whether DomainTools needs to have a process where people can opt out of having their data processed.”

“When I think about consent, it’s not on the way in, because we just don’t have a way to do that, it’s allowing a way out… a mechanism where people can object to their data being processed,” he said.

How DomainTools’ non-enterprise customers and users will be affected should become clear when the company outlines its plans in the coming weeks.

But Chen suggested that most casual users should not see too much impact.

“The ability of anyone who has an interest in using Whois data, who needs it every now and then, for looking up a Whois record of a domain because they want to buy it as a domain investor for example, that should still be very possible after GDPR,” he said.

“I don’t think GDPR is aimed at individual, one-at-a-time use cases for data, I think it’s aimed at scalable abuse of the data for bad purposes,” he said.

“If you’re running a business in domain names and you need to get Whois at significant scale, and you need to evaluate that many domains for some reason, that’s where the impact may be,” he said.

Disclosure: I share a complimentary DomainTools account with several other domain industry bloggers.

Domainers up in arms as DomainTools pricing rockets

Kevin Murphy, April 27, 2016, Domain Services

Domain investors are loudly complaining about DomainTools’ plan to double its prices and slash query limits.

Some are even calling for a boycott.

Effective June 25, all the existing non-enterprise membership tiers are being folded into a new “Personal” account, which costs $99 a month or $995 a year, DomainTools said.

Previously, customers on a “Professional” account paid $49.95 a month. Some were paying as little as $12 under older, discontinued Gold, Silver and Bronze plans.

If the price hike weren’t significant enough, the company is also reducing the number of queries customers can make.

Whois History reports have been slashed from 100 domains to 25, for example, as have Hosting History reports. The Brand Monitor tool has been reduced from 10 monitored strings to 3.

DomainTools offers a broad range of services in its standard bundle, and the cuts are pretty much across the board.

DomainTools said in an email to bloggers this week that a 30% discount will be offered on the first payment under the new plan for existing customers, adding:

The Personal Membership package adds four products that have never been offered before to individual members. Bulk Parsed Whois and Reverse Whois Research Mode have previously only been available to Enterprise members. In addition, we are including our newest product, Reverse IP Whois, which works like our Reverse Whois for domain Whois, but across IP Whois records. And finally, Personal Membership also includes 5 Domain Reports per month.

The company says that it is focusing more now on its enterprise security customers, where one imagines margins are higher than its mass-market domainer-oriented services.

Domainers, as you might expect, are not happy. Message boards and domainer blogs are filled with negative commentary.

There are currently 50 comments slamming the move on DNW, many saying they will quit the service, and a call for a boycott on NamePros

Some are predicting customers will flock to rivals DomainIQ and Whoisology.

Disclosure: myself and several other domain industry bloggers are on complimentary plans and will not be affected by these changes. In some months, the new Personal plan would have been adequate for my needs; in others, not so much.