Latest news of the domain name industry

Recent Posts

Go Daddy advertising privacy petition on Facebook

Go Daddy appears to be putting its money where its mouth is when it comes to arguments about domain privacy.

The company is paying for “sponsored” posts on Facebook that promote the ongoing petition against proposed changes to Whois policy at ICANN.

This has been appearing on Facebook for me all day, seriously interrupting my Farmville time:

Go Daddy ad

Clicking the ad takes you directly to the Save Domain Privacy petition, rather than a Go Daddy sales pitch.

As I reported last week, thousands of internet users have blasted ICANN with template comments complaining about proposed limits on Whois privacy.

There are currently over 10,000 such comments, I estimate, with over a week left until the filing deadline.

Registrars, Go Daddy among them, are largely concerned about a minority proposal emerging from in a proxy/privacy service accreditation working group that would ban transactional e-commerce sites from having private registrations.

They’re also bothered that intellectual property owners could get more rights to unmask privacy users under the proposals.

Despite Go Daddy’s outreach, Repect Our Privacy, letter-writing campaign, backed by NameCheap and the Electronic Frontier Foundation, seems to be responsible for most of the comments filed to date.

Not that it’s necessarily relevant today, but NameCheap and Go Daddy were on opposing sides of the Stop Online Piracy Act debate — a linked controversy — a few years back.

Freenom suspended for cybersquatting rival registrars

Freenom, the company behind .tk and other freebie ccTLDs, has had its ICANN registrar accreditation suspended for cybersquatting competing registrars including Go Daddy and Key-Systems.

OpenTLD, its registrar business, has been told it cannot accept new registrations or inbound transfers from July 8 to October 6 or until it provides ICANN with a full list of the names it squatted.

I believe it’s the first time ICANN has suspended a registrar for this reason.

The suspension notice states:

ICANN has found that OpenTLD has engaged in a pattern and practice of trafficking in or use of domain names identical or confusingly similar to a trademark or service mark of a third party in which the Registered Name Holder has no rights or legitimate interest

That’s a long-winded way of saying “massive cybersquatting”.

ICANN is basing its claims on two UDRP cases that Freenom and its CEO, Joost Zuurbier, lost.

According to WIPO panelists in Key-Systems GmbH v. Joost Zuurbier, OpenTLD B.V. and NetEarth Group, Inc. v. Stichting OpenTLD WHOIS Proxy, the company squatted at least seven of its rivals’ trademarks.

The domains were netearthone.biz, rrpproxy.me, key-systems.cc, resellerclub.tk, resellbiz.biz, godaddy.cf and resello.ws.

According to the UDRP decisions, Freenom used the domains to try to entice resellers of the other registrars over to OpenTLD.

It bought the competing registrars’ trademarks as search keywords on Google’s advertising platform, a WIPO panelist found. If you searched Google for Key-Systems trademark “RRPproxy”, for example, you’d get an ad linking to rrpproxy.me.

In some cases the names were registered behind Freenom’s in-house privacy service. In others, Zuurbier and OpenTLD were listed plainly as the registrants.

The WIPO panelists also found that Freenon shirked its duties under the UDRP as registrar, deleting the squatted domains rather than locking them, which essentially amounted to “cyberflight”.

It all looks pretty bad for Freenom, which only gained its accreditation two years ago.

To avoid termination, it has to provide ICANN with a list of all of its trademark infringing names, agree to transfer them to the mark owners or delete them, and bunch of other stuff.

Here’s the letter.

Go Daddy splashes out $28m on Marchex domain portfolio

Kevin Murphy, April 22, 2015, Domain Sales

Go Daddy has acquired about 200,000 domain names from Marchex for $28.1 million.

The sale comes as Marchex seeks to extricate itself from the domain name business in order to focus on mobile advertising analytics.

It works out at about $140 per domain.

Go Daddy said that it will make the domains available via its multi-registrar Afternic platform, which should massively increase their visibility among potential buyers.

The deal was a “unique opportunity” that doesn’t represent a change in direction for the registrar.

Domain Name Wire has an interview with company senior VP Mark McLaughlin over here which explains Go Daddy’s plans in a bit more detail.

Marchex said that it has also sold $6.7 million worth of domains from the portfolio separately since January.

Domain hijacking bug found in Go Daddy

Kevin Murphy, January 22, 2015, Domain Registrars

Go Daddy has rushed out a fix to a security bug in its web site that could have allowed attackers to steal valuable domain names.

Security engineer Dylan Saccomanni found several “cross site request forgery” holes January 17, which he said could be used to “edit nameservers, change auto-renew settings and edit the zone file entirely”.

He reported it to Go Daddy (evidently with some difficulty) and blogged it up, with attack code samples, January 18. Go Daddy reportedly patched its site the following day.

A CSRF vulnerability is where a web site fails to adequately validate data submitted via HTTP POST. Basically, in this case Go Daddy apparently wasn’t checking whether commands to edit name servers, for example, were being submitted via the correct web site.

Mitigating the risk substantially, attackers would have to trick the would-be victim domain owner into filling out a web form on a different site, while they were simultaneously logged into their Go Daddy accounts, in order to exploit the vulnerability, however.

In my experience, Go Daddy times out logged-in sessions after a period, reducing the potential attack window.

Being phishing-aware would also reduce your chance of being a victim.

I’m not aware of any reports of domains being lost to this attack.

Four reasons Google Domains isn’t a Go Daddy killer

Judging by DI’s traffic spike last night, there’s a lot of interest in Google Domains, Google’s forthcoming entry into the domain name registrar market.

And judging by some of the early commentary, it seems that many people are already assuming that the service will be an overnight success.

Some people already seem to be willing to write off market leader Go Daddy specifically, for some peculiar reason.

I’ve even heard speculation that Google timed its announcement to screw with Go Daddy’s imminent IPO, which strikes me as veering into conspiracy theory territory.

While I’ve no doubt Go Daddy and other mass-market retail registrars will be watching Google’s move with interest and concern — and there are some reasons to be worried — let’s not jump the gun here.

Let’s calm the hyperbole a little. Off the top of my head, here are a handful of reasons not to get excited just yet.

1. It could be a really shitty product

There seems to be an assumption in some quarters that whatever Google brings to market will be automatically incredible, but the company really doesn’t have the track record to support that assumption.

Sure, its search engine may be great and services such as Gmail and Adsense may be pretty good, but have you ever tried Blogger?

Do you actually use Google+, or do you only have an account because Google forced you?

The truth is that lots of Google products fail.

And we haven’t even seen Google Domains yet. Nobody has. Only Google employees and their buddies are going to get beta access, so it seems we’re going to be waiting a while before we can judge.

2. There’s no 24×7 support

Google Domains will launch with support via email and phone from 9am to 9pm US Eastern time, Monday to Friday.

Would you switch to a registrar that doesn’t have round-the-clock support seven days a week? As a small business owner who makes his living from his web site, I sure wouldn’t.

If Google Domains gains traction you can expect support hours to be expanded pretty quickly, but a lack of 24×7 support at launch will keep many customers away.

3. It’s not free

Some people seem to be obsessed with the notion that Google is going to give away free domains, and that kind of commentary is continuing even though we know Google Domains will charge $12 for a .com.

Its email service may come at no additional cost, but its email service is Gmail, and that’s already free. Google could hardly start charging an add-on fee for something that’s always been free.

Google Domains may offer free privacy too, but so do lots of other registrars.

In future, Google registry arm Charleston Road Registry may give away free names in some of its new gTLDs, but if it does so that price will have to be available to all registrars, not just Google Domains.

Google Domains isn’t free. It’s not even the cheapest registrar on the market.

4. Go Daddy is gigantic

According to its recent regulatory filings, Go Daddy has 57 million domains under management and 12 million customers.

How many of those do you think will make the switch to Google? How many will even know that such a switch is possible?

Switching registrars may be relatively straightforward if everything you own is parked, but it becomes more complex when you’re running your web site, email and so forth on your registrar’s platform.

These kinds of small business owners are the customers being targeted by Google and Go Daddy, and if they already have web sites they’re likely already experiencing registrar lock-in.

According to its announcement, Google is targeting greenfield opportunities — the 55% of small businesses it estimates don’t have an online presence today — rather than grabbing market share from rivals.

The “small businesses need to get online” story is common to every press release issued by every web host and domain registrar with a price promotion to plug.

When Google teamed up with Blacknight to give away domains for free — for FREE, so it is, so it is — to Irish small businesses, it managed to sign up 10,000 in one year.

How long do you think it will take Google to get to 57 million names under management?