Fears that the 2013 Registrar Accreditation Agreement would lead to new phishing attacks appear to be unfounded, at least so far.
The 2013 RAA, which came into force at most of the big registrars on January 1, requires registrars to verify the registrant’s email address or phone number whenever a new name is registered.
It was long predicted that this new provision — demanded by law enforcement — would lead to phishers exploiting registrant confusion, obtaining login credentials, and stealing valuable domain names.
Over the weekend, it looked like this prediction had come true, with posts over at DNForum saying that a new Go Daddy scam was doing the rounds and reports that it was related to the 2013 RAA changes.
I disagree. Shane Cultra posted a screenshot of the latest scam on his blog, alongside a screenshot of Go Daddy’s actual verification email, and the two are completely dissimilar.
The big giveaways are the “Whois Data Reminder” banner and “Reminder to verify the accuracy of Whois data” subject line.
The new attack is not exploiting the new 2013 RAA Whois verification requirements, it’s exploiting the 10-year-old Whois Data Reminder Policy, which requires registrars annually to remind their customers to keep their contact details accurate.
In fact, the language of the new scam has been used in phishing attacks against registrants since at least 2010.
That’s not to say the attack is harmless, of course — the attacker is still going to steal the contents of your Go Daddy account if you fall for it.
We probably will see attacks specifically targeting confusion about the new address verification policy in future, but it seems to me that the confusion we’re seeing with the latest scam may be coincidental.
Go Daddy told DI yesterday that the scam site in question had already been shut down. It’s not clear if anyone fell for it while it was live.
Donuts’ pricey Early Access Program for its new gTLDs could prove quite lucrative for registrars.
Go Daddy today revealed that it’s charging $12,500 and up for first-day “priority” registrations in 14 Donuts gTLDs, a $2,500 profit on Donuts’ EAP registry fee, which I believe is $10,000.
The EAP is Donuts’ alternative to a traditional landrush period.
Rather than charging premium landrush fees and then running an auction for contested domains, every available domain has a standard premium buy-it-now price that is reduced every day for a week until the fee hits the standard reg fee.
It’s Dutch-auction-like, with a first-come-first-served component.
The EAP registry fees start at $10,000, go to $2,500 on day two, $950 on day three, $500 on day four and $100 from days five through day seven. Then they go to the base fee, which depends on gTLD but typically translates to about $40 at the check-out.
Go Daddy’s respective EAP retail prices are $12,539.99, $3,164.99, $1,239.99, $689.99 and $189.99.
Complicating matters, these are currently “priority pre-registration” fees, so the company will still have to successfully grab the pre-registered names from the registry when they become available.
While customers are billed today, they may not get the name they want. If Go Daddy fails to secure the name it will issue a full refund.
Complicating matters further, the company is accepting multiple pre-registrations on any given name and will auction it off to the highest bidder if more than one person pre-registers at the same level and Go Daddy manages to grab the name.
So $12,500 may just be the tip of the iceberg.
Complicating matters further further, Go Daddy’s site is currently not particularly clear — at least to this elderly hack — which components of its fees are refundable and which are not.
This slogan, currently in use on the Go Daddy pre-reg site, appears to me to be absolute nonsense.
The 14 Donuts gTLD currently on offer are: .estate, .photography, .ventures, .guru, .bike, .clothing, .gallery, .singles, .camera, .lighting, .plumbing, .equipment, .graphics and .holdings.
Only one mass-market TLD used it, and it’s often considered a bad idea, but variable pricing for domain name renewals is making a comeback with the launch of new gTLDs.
What Box? and Plan Bee are the first two new gTLD registries to start selling domains with tiered renewal fees, in .menu and .build respectively, via Go Daddy.
If you pay Go Daddy $189.99 for a “Priority Rre-registration” in .build, your annual renewal fee if you secure the name will be be $149.99, instead of the $99.99 other pre-registrants will pay.
Similarly, a Priority Pre-registration in .menu will set you back $199.99 a year, forever, instead of $49.99.
I understand that the standard Go Daddy initial registration fee for these two TLDs during general availability will also be $99.99 and $49.99 respectively.
The other two new gTLDs with announced pricing, .uno and .luxury, do not appear to be charging tiered rates.
Go Daddy confirmed that the renewal pricing will be permanently higher in the .build and .menu, telling us:
The industry is starting to move toward a tiered pricing system. As such, some registries have elected to make renewals higher on domain names captured during the priority pre-registration period.
It’s actually permitted under ICANN’s standard Registry Agreement.
Generally, the RA prevents registries charging variable renewal fees. If you find yourself running a successful business in a new gTLD, the registry is not allowed to gouge you for higher renewals.
There’s a provision in section 2.10 of the contract that is designed to “prohibit abusive and/or discriminatory Renewal Pricing practices imposed by Registry Operator”.
But the rule does not apply if you’re told at the point of registration that your renewal pricing will be higher.
The contract states that “Registry Operator must have uniform pricing for renewals of domain name registrations”, but grants this huge exception:
if the registrar has provided Registry Operator with documentation that demonstrates that the applicable registrant expressly agreed in its registration agreement with registrar to higher Renewal Pricing at the time of the initial registration of the domain name following clear and conspicuous disclosure of such Renewal Pricing to such registrant
The only major TLD to try variable pricing before now was .tv, which Verisign currently operates.
The .tv registry held back thousands of desirable strings when it launched in 2000. Instead of auctioning them, it priced these names to sell, but with renewal prices matching the initial registration fee.
If you bought a premium .tv name 10 years ago for $10,000, you’ve been paying $10,000 a year ever since.
This proved very unpopular — especially with domain investors, who continue to moan about the high carrying cost of .tv names bought years ago — and Verisign scrapped the policy on new registrations in 2010.
Some say tiered renewal pricing is the main reason .tv isn’t nearly as popular as it arguably should be.
But will it work in 2014?
Tiered renewal fees seems like an excellent way to discourage domainers from participating in your launch.
Would you be willing to pay higher renewal fees ad infinitum just for the chance for first dibs on the new gTLD domain name you want?
Former Go Daddy general counsel Christine Jones has said she “didn’t particularly like” the company’s wildly successful, if sexually provocative, TV advertising.
Jones is one of several candidates for the Republican gubernatorial nomination in the company’s home state of Arizona.
She began her campaign officially this week, having come out on Twitter in August, and spoke to The Republic.
Asked about the “racy” TV spots, which were often focused on a large-chested woman with the Go Daddy logo emblazoned on her skimpy attire, Jones told the paper:
A lot of people have asked me about the Go Daddy ads, and to be candid, I didn’t particularly like those ads, either. If I had been running marketing, the ads would’ve been very different. But in the grand scheme of things, the ads ended up being pretty harmless. The ads really made that company successful, and that success allowed me to focus my personal time on developing policy, which made the Internet a better and safer place for users, especially children. Once people get to know me and they differentiate the marketing spin, which is this kind of edgy, Go Daddy-esque style, from my role there — which was running a place that had a lot of serious people doing a lot of serious work — they’ll understand there is a difference.
Some locals seem to be assuming that Go Daddy will support Jones’ campaign, with the paper reporting that “Jones’ entry into the race has political insiders — and opponents — intrigued and even unsettled by her resume and potentially hefty financial backing.”
There’s not a great deal of information about Jones’ positions in the interview, however.
Go Daddy has strengthened its already pretty strong hand in the domain name aftermarket by acquiring Afternic from NameMedia for an undisclosed sum.
Afternic provides a centralized platform for listing domains for sale. About 100 registrars, including Go Daddy, carry its six million listings.
Go Daddy also offers its own customers a Premium Listings service. Integrating the two platforms will happen “over the coming months”, Go Daddy said.
Afternic usually reports about a million dollars of domain sales via its platform every week, but those figures don’t include private sales. It already has deals in place to sell premium names for several new gTLDs.
Some of Go Daddy’s biggest competitors — existing Afternic partners — appear to be happy about the move. Go Daddy’s press release quotes Tucows and Web.com executives giving the deal the thumbs-up.
Afternic did once belong to Register.com, one of Web.com’s registrars, but for the last six years it has been owned by NameMedia.
The deal also includes SmartName, NameMedia’s parking service, but not BuyDomains, where NameMedia sells its own portfolio of names. Go Daddy will take on Afternic’s Boston-based staff.