Latest news of the domain name industry

Recent Posts

ICANN security advisor predicts “hundreds” of new gTLDs will “go dark”

Kevin Murphy, December 4, 2015, Domain Registries

A security company led by a member of ICANN’s top security committee reckons that “hundreds” of new gTLDs are set to fail, leading to web sites “going dark”.

Internet Identity, which provides threat data services, made the prediction in a press release this week.

IID’s CTO, quoted in the release, is Rod Rasmussen. He’s a leading member of the Anti-Phishing Working Group, as well as a member of ICANN’s influential Security and Stability Advisory Committee.

He has a dim view of new gTLDs:

Most new gTLDs have failed to take off and many have already been riddled with so many fraudulent and junk registrations that they are being blocked wholesale. This will eventually cause ripple effects on the entire domain registration ecosystem, including consolidation and mass consumer confusion as unprofitable TLDs are dropped by their sponsoring registries.

The press release acknowledges that ICANN has an Emergency Back-End Registry Operator (EBERO) program, which will keep failing gTLDs alive for up to three years after the original registry operator goes out of business.

But it continues:

questions abound as to who would risk an investment in poorly performing TLDs, especially as they start to number in the hundreds. “That’s why eventually some are going to just plain go dark,” added Rasmussen.

The prediction is for “2017 and beyond”. Given the existence of the EBERO, we’re probably looking at 2020 before IID’s claim can be tested.

It’s a bit of a strange prediction to come out of a security company.

The whole point of EBERO is to make sure domain names do not go dark, giving either the registry the chance to sell on the gTLD or the registrants a three-year heads-up that they need to migrate to a different TLD.

It would be a bit like being told that there’s a horrible bit of malware that is set to brick your computer, but that you’ll be fine if you change your anti-virus provider in the next three years.

I could live with that kind of security threat, personally.

But what are the chances of hundreds of live, non-dot-brand going fully post-EBERO dead in the next few years?

I’d say evidence to date shows the risk may be over-stated. It may happen to a small number of TLDs, but to “hundreds”?

We’ve already seen new gTLD registries essentially fail, and they’ve been taken over by others even when they’re by definition not profitable.

Notably, .hiv — which has a contractual agreement with ICANN to not turn a profit — failed and was nevertheless acquired by Uniregistry.

We also see registries including Afilias and Donuts actively searching for failing gTLDs to acquire.

CNNIC hit by “largest ever” denial of service attack

Kevin Murphy, August 26, 2013, Domain Registries

Chinese ccTLD operator CNNIC suffered up to half a day of degraded performance and intermittent accessibility yesterday, after being hit by what it called its “largest ever” denial of service attack.

CNNIC is one of ICANN’s three Emergency Back-End Registry Operators, contracted to take over the running of any new gTLD registries that fail. It’s also the named back-end for seven new gTLD applications.

According to an announcement on its web site, as well as local reports and tips to DI, the first wave of DDoS hit it at about midnight yesterday. A second wave followed up at 4am local time and lasted up to six hours.

According to a tipster, all five of .cn’s name servers were inaccessible in China during the attack.

Local reports (translated) say that many Chinese web sites were also inaccessible to many users, but the full scale of the problem doesn’t seem to be clear yet.

China’s .cn is the fourth-largest ccTLD, with close to 10 million domains under management.

ICANN selects new gTLD backup providers

Neustar, Nominet and CNNIC have been picked to provide backup registry services for new gTLDs that fail.

ICANN has named the three companies as Emergency Back-End Registry Operators for the new gTLD program.

They’ll be responsible for taking over the management of any new gTLD that goes out of business, putting registrants at risk of losing DNS resolution and registry functions.

The idea is that the EBERO(s) would be paid out of funds placed in escrow by gTLD applicants, in order to gracefully wind down any failed TLD over the space of a few years.

In reality, I doubt there’s going to be much call for their services; M&A activity is a more likely outcome for gTLDs that fail to meet their sales expectations.

ICANN highlighted the geographic diversity of the three companies (Nominet is British, Neustar American and CNNIC Chinese) as a stability benefit of its selections.

The three were chosen from 14 respondents to an RFI published last year.

The absence of an EBERO was one of the shortfalls of the new gTLD program highlighted by Verisign in its recent letter warning ICANN about perceived security and stability risks.

While ICANN has acknowledged that the EBEROs are unlikely to be ready to roll before the first new gTLDs start to launch, it has noted that they don’t need to be.

If any new gTLD catastrophically fails during the first few months of launch, it will reflect extremely poorly on the financial and technical evaluations applicants have been undergoing for the last nine months.

New gTLD failure risk bond capped at $300k

Kevin Murphy, December 26, 2011, Domain Policy

New generic top-level domain applicants will have to find between $18,000 and $300,000 per gTLD to cover the risk of their business failing, according to ICANN.

ICANN revealed the figures, which have been calculated from prices quoted by 14 potential emergency back-end registry operators, in a pre-Christmas info-dump on Friday.

The so-called Continued Operations Instrument is designed to cover the cost of paying an EBERO to manage and/or wind down a failed gTLD business over up to three years.

All new gTLD applicants must either secure credit or put cash in escrow to cover the COI, the amount of which depends on how many domains under management they anticipate.

This table shows the size of the COI for various sizes of zone.

Projected Number of DomainsEstimated 3 Year COI (USD)
10,000$18,000
25,000$40,000
50,000$80,000
100,000$140,000
250,000$250,000
>250,000$300,000

This essentially means that any registry that plans to grow its gTLD into a commercially successful volume business needs to find $300,000 to cover the cost of its potential failure.

Only five previously introduced new gTLDs have topped 250,000 domains under management in their first five years: .info (with 8 million today), .biz, .name, .mobi and .tel (which peaked at 305,000).

Smaller gTLDs, comparable to a .cat, .jobs or .travel, will only have to find $40,000 to $80,000. It’s likely that the majority of .brand applicants will only need to secure the minimum $18,000.

While potentially expensive, it’s welcome clarity into new gTLD funding requirements, albeit coming just two weeks before ICANN begins to accept applications.

ICANN also threw a bone to potential applicants from countries with poor access to credit.

The organization previously only contemplated allowing credit from banks with an ‘A’ rating or higher, but it now says it will accept, in its discretion, financial instruments from the highest-rated institution available to the applicant.

ICANN said it may also consider becoming a party to these credit agreements, again in its sole discretion, but that such applicants could lose points when their application is scored as a result.

Half the industry fighting over EBERO contracts

Kevin Murphy, December 15, 2011, Domain Registries

ICANN received a whopping 14 responses to its recent request for emergency back-end registry operators, contracts that could turn lucrative if and when new gTLDs start going out of business.

Following a request for information last month, responses received before the December 5 deadline came from Europe, Asia and North and South America, ICANN’s Karla Valente blogged.

While 14 may not seem like a lot, I’m only aware of 19 companies that are actively marketing new gTLD back-end registry services, so it’s a pretty high response rate.

The EBERO’s job is to make sure domain names continue to work after a new gTLD registry goes out of business. In the worst case scenario, it keeps the names resolving for up to three years, giving registrants the opportunity to migrate to another TLD.

The EBERO may, and I’m speculating here, also have an advantage in talks to take over the failed TLD full-time.

The successful providers will be paid from the Continuing Operations Instrument, a big chunk of cash that all new gTLD applicants are obliged to put aside to pay for their own funeral costs.

The price the successful EBEROs intend to charge is an important consideration when applicants calculate the size of their own COI, but those numbers have not yet been revealed.

The EBERO idea has come in for a bit of criticism due to ICANN’s high technical demands – 25,000 concurrent connections for an essentially stagnant TLD, for example – which some say favors incumbent registry operators such as VeriSign, Afilias and Neustar.

ICANN may wind up selecting more than one EBERO when it makes its decision early next year.