Latest news of the domain name industry

Recent Posts

GoDaddy and DomainTools scrap over Whois access

Kevin Murphy, January 12, 2018, Domain Registrars

GoDaddy has seriously limited DomainTools’ access to its customers’ Whois records, pissing off DomainTools.

DomainTools CEO Tim Chen this week complained to DI that its access to Whois has been throttled back significantly in recent months, making it very difficult to keep its massive database of domain information up to date.

Chen said that DomainTools is currently only able to access GoDaddy’s Whois over port 43 at about 2% of the rate it had previously.

He said that this has been going on for about six months and that the market-leading registrar has been unresponsive to its requests to have previous levels restored.

“By throttling access to the data by 98% they’re defeating the ability of security practitioners to get data on GoDaddy domains,” Chen said. “It’s particularly troublesome because they [GoDaddy] are such a big part of DNS.”

“We have customers who say the quality of GoDaddy data is just degrading across the board, either through direct look-ups or in some of the DomainTools products themselves,” he said.

DomainTools customers include security professionals trying to hunt down the source of attacks and intellectual property interests trying to locate pirates and cybersquatters.

GoDaddy today confirmed to DI that it has been throttling DomainTools’ Whois access, and said that it’s part of ongoing anti-spam measures.

In recent years there’s been an increase in the amount of spam — usually related to web design, hosting, and SEO — sent to recent domain registrants using email addresses harvested from new Whois records.

GoDaddy, as the market-share leader in retail domain sales, takes a tonne of flak from customers who, unaware of standard Whois practice, think the company is selling their personal information to spammers.

This kind of Twitter exchange is fairly common on GoDaddy’s feed:

While GoDaddy is not saying that DomainTools is directly responsible for this kind of activity, throttling its port 43 traffic is one way the company is trying to counter the problem, VP of policy James Bladel told DI tonight.

“Companies like [DomainTools] present a challenge,” he said. “While we may know these folks, we don’t know who their customers are.”

But that’s just a part of the issue. GoDaddy was also concerned about the amount of resources DomainTools was consuming, and its own future legal responsibilities under the European Union’s forthcoming General Data Protection Regulation.

“When [Chen] says they’re down to a fraction or a percentage of what they had previously, well what they had previously was they were updating and archiving Whois almost in real time,” Bladel said. “And that’s not going to fly.”

“That is not only, we feel, not congruent with our responsibilities to our customers’ data, but it’s also, later on down the road, exactly the kind of thing that GDPR and other regulations are designed to stop,” he said.

GDPR is the EU law that, when it fully kicks in in May, gives European citizens much more rights over the sharing and processing of their private data.

Bladel added that DomainTools is still getting more Whois access than other parties using port 43.

“They have a level of access that is much, much higher than what they would normally have as a registrar,” he said, “but much lower than I think they want, because they want to effectively download and keep current the entirety of the Whois database.”

I’m not getting a sense from GoDaddy that it’s likely to backtrack on its changes.

Indeed, the company also today announced that it from January 25 it will start to “mask” key elements of Whois records when queried over port 43.

GoDaddy told high-value customers such as domainers today that port 43 queries will no longer return the registrant’s first name, last name, email address or phone number.

Bulk Whois users such as registrars (and, I assume, DomainTools) that have been white-listed via the “GoDaddy Port43 Process” will continue to receive full records.

Its web-based Whois, which includes a CAPTCHA gateway to prevent scraping, will continue to function as normal.

Bladel said that these changes are NOT related to GDPR, nor to the fact that ICANN said a couple months back that it would not enforce compliance with Whois provisions of the Registrar Accreditation Agreement, subject to certain conditions.

GoDaddy renewal revamp “unrelated” to domainer auction outrage

Kevin Murphy, November 21, 2017, Domain Registrars

GoDaddy has made some big changes to how it handles expired domain names, but denied the changes are related to domainer outrage today about “fake” auctions.

The market-leading registrar today said that it has reduced the period post-expiration during which registrants can recover their names from 42 days to 30. After day 30, registrants will no longer be able to renew or transfer affected names.

GoDaddy is also going to start cutting off customers’ MX records five days after expiry. This way, if they’re only using their domain for email, they will notice the interruption. Previously, the company did not cut off MX records.

The changes were first reported at DomainInvesting.com and subsequently confirmed by a GoDaddy spokesperson.

One impact of this will be to reduce confusion when GoDaddy puts expired domains up for auction when it’s still possible for the original registrant reclaim them, which has been the cause of complaints from prominent domain investors this week.

As DomaingGang reported yesterday, self-proclaimed “Domain King” Rick Schwartz bought the domain GoDaddyBlows.com in order to register his disgust with the practice.

Konstantinos Zournas of OnlineDomain followed up with a critique of his own today.

But the GoDaddy spokesperson denied the changes are being made in response to this week’s flak.

“This is unrelated to any events in the aftermarket,” he said. “We’ve been working on this policy for more than a year.”

He said the changes are a case of GoDaddy “optimizing our systems and processes”. The company ran an audit of when customers were renewing and found that fewer than 1% of names were renewed between days 30 and 42 following expiration, he said.

GoDaddy renews about 2.5 million domains per month in just the gTLDs it carries, according to my records, so a full 1% would equal roughly 25,000 names per month or 300,000 per year. But the company spokesperson said the actual number “quite a bit less” than that.

How many of these renewals are genuinely forgetful registrants and how many are people attempting to exploit the auction system is not known.

The changes will come into effect December 4. The news broke today because GoDaddy has started notifying its high-volume customers.

GoDaddy’s reason for dumping Uniregistry doesn’t make a lot of sense

Kevin Murphy, August 24, 2017, Domain Registrars

GoDaddy, as you may have read, has again decided to dump Uniregistry’s portfolio of TLDs, following wholesale price increases.

But its explanation for the move — trying to provide its customers with a “great product experience” — doesn’t seem to tally with the way it has gone about implementing the change.

The company confirmed this week that it will no longer offer new registrations in Uniregistry’s stable of new gTLDs, but will continue to support existing customers.

The registrar’s EVP of domains, Mike McLaughlin, reportedly explained the move like this:

GoDaddy strives to provide its customers with great product experiences wherever possible. After careful consideration, we decided to stop offering new Uniregistry domain names for sale because their pricing changes caused frustration and uncertainty with our customers.

But the way GoDaddy has gone about this looks like it is set to provide anything other than a great product experience.

For starters, existing registrants of Uniregistry names will find their registrations migrated over to the wholesale registrar Hexonet, for which GoDaddy will act as reseller.

They’ll still be able to manage their names via their GoDaddy control panels, but technically GoDaddy will no longer be the registrar.

This could well add friction to the customer support process, as well as meaning Hexonet will now show up in Whois as the sponsoring registrar.

Accompanying this move is the unexplained removal of Whois privacy services for all affected domains. Registrants will get a refund for their privacy service and will have the opportunity to switch registrars to one that will support privacy.

For those that remain, suddenly their personally identifiable information will become publicly available. This could lead to an increase in complaints and support calls as registrants realize what has happened.

In terms of price, existing registrants will presumably still be affected by Uniregistry’s increases to the same extent as they were previously. Again, their customer experience has not changed.

Overall, the explanation doesn’t make a heck of a lot of sense to me. I put the above points to GoDaddy and VP of domains Rich Merdinger responded, via a company spokesperson:

After we made the decision to stop supporting Uniregistry domain names, we worked to provide the best possible experience we could to our customers. We wanted them to have a transparent experience. They will log in to the same GoDaddy account and service the domain names the same way they always have. Because of the transfer of the name to a different registrar, privacy had to be removed. While this impacts a small subset of these customers, we have done everything to make this transition as smooth as possible.

It’s true that GoDaddy isn’t a big seller of Uniregistry names. It’s one of Uniregistry’s smaller channel partners and the number of Uniregistry names it’s sold — measured in the thousands — is a drop in the ocean of the over 55 million gTLD names it currently has under management.

The two companies are also competitors, it probably should be noted.

But while Uniregistry’s registrar seems to be have been well-received by customers, and its domain volume has grown rapidly in the last three years, it still only had about 1.5 million domains under management at the last count; hardly an existential threat to the Scottsdale behemoth.

It should also be noted that GoDaddy is not the only registrar to distance itself from Uniregistry.

NameCheap also recently discontinued support for the TLDs that are experiencing the biggest price increases. Tucows announced a similar move in May.

GoDaddy had already said it would drop Uniregistry once before, but changed its mind, before changing it back again.

GoDaddy CEO to retire at 58

Kevin Murphy, August 22, 2017, Domain Registrars

GoDaddy CEO Blake Irving tonight announced his retirement from the company.

Irving, 58, said he will leave the corner office at the end of 2017, and will stick around on its board of directors until June next year.

He will be replaced by current chief operating officer Scott Wagner, who joined the registrar in 2013 from KKR, one of the three investment companies that owned GoDaddy in its interregnum between founder Bob Parsons and its 2013 initial public offering.

“After more than three decades in technology, I’ve decided it’s time to retire and begin the next phase of my life,” Irving said in a press release.

He added that revenue and profits had doubled under his watch, which commenced in 2013.

Wagner served as interim CEO of GoDaddy in 2012, after Parsons protege Warren Adelman’s short stint in the role.

He was also named president of the company last year.

GoDaddy’s share price has dipped slightly in after-hours trading in the hour or so since the announcement was made.

Google dumps Nazi domain in hours

Kevin Murphy, August 14, 2017, Domain Registrars

Neo-Nazi blog The Daily Stormer found itself without a registrar for the second time in a day this evening, after Google cancelled its registration.

The company told BBC News:

We are cancelling Daily Stormer’s registration with Google Domains for violating our terms of service.

The cancellation came not many hours after GoDaddy, the controversial site’s original registrar, gave its owners 24 hours to find a new registrar.

That was in response to people on Twitter complaining that the Stormer had published an article attacking a victim of alleged right-wing domestic terrorism, which GoDaddy said broke its terms of service inciting violence.

The current Whois record for dailystormer.com indicates that it is still with Google, but in a clientTransferProhibited status.

That means it should not be possible to transfer the name to a third registrar, unless and until Google changes the status.

The domain still resolves, however, from where I’m sitting.

It might be that the Stormer will now find itself registrar-hopping and/or facing a period of downtime.