Latest news of the domain name industry

Recent Posts

Christians rail against GoDaddy’s six-color gay rights flag

GoDaddy changed its social media avatars to a gay rights flag yesterday, incurring the wrath of some self-declared Christians and US right-wingers.

GoDaddy rainbow

The change was made in recognition of LGBT Pride Month, in which every June gay rights groups hold marches and generally celebrate/call for equal rights for lesbian, gay, bisexual and transgender people.

The most egregious thing about the change is surely that there’s a color missing. For some reason, the world’s largest registrar has decided that rainbows look better with only six colors.

But many customers took to Facebook to decry the change on religious or political grounds.

Here’s a sample of some of the comments on the logo.

Now finding another service !!! I don’t support this crap !! I serve s higher power and I am as a Christian warrior to turn my back on this !!!

Don’t you start making a hard left turn to GoDaddy, are you gonna choose the coastal liberals over the other half of the country? Stay out of politics and picking sides. Your not above Boycott like every other Mega Company that chooses a Globalist agenda…

Keep your sexual or political opinion out of your business or I’ll leave your business son! Weather I agree or disagree Im not doing business with you for you to push your views upon me! Just sell me websites and hosting and keep your mouth shut, thanks!

Not doing business there anymore

To be fair, compared to the size of GoDaddy’s customer base, the number of outraged commenters was vanishingly small. I don’t think anyone at GoDaddy is shaking in their boots over the possible loss of a few hard-core right-wing customers.

But those saying it’s a political statement may have a point.

It might be interesting to note that on GoDaddy’s Facebook page for the UK, where equal rights are far less controversial and barely considered a mainstream political issue, the company has not changed its logo.

There were also lots of comments in favor of the change, of course.

Always been a huge fan of godaddy. Your customer service and products are superior. Now I’m even more of a fan. Thanks for taking a powerful stand, even amidst these trolls. I can’t even believe the hate spewing from them. #teamGoDaddy

Comment section, its not getting political or “imposing views” on others to support & respect gays as human beings. They’re not talking about gun rights or abortion or whatever, its LGBT, thats not a belief, or a view. So if you’re gonna seriously stop using the website over human decency & compassion during pride month, thats on you if ya wanna be a whining mope

The amount of offended people in these comments is killing me 😂 much love, GoDaddy. Happy pride. To all the high- strung offended snowflakes: you and your kind have enjoyed thousands of years without LGBT visibility. One site changes their profile pic and your anger burns for nothing. Suck it.

And there were plenty of ambivalent comments.

I am ok with supporting LGBT rights. I am not ok with my slow as hell server that I paid extra for it to be fast, but I paid up front for 3 years so whatever I guess I am hanging out awhile.

While I generally tend to steer away from stories about bogus, whipped-up, social media controversies (this is maybe the third time DI has posted such an article) I find it interesting as it reflects GoDaddy’s perception shift as a company.

A large reason GoDaddy got into the leading position it is today is due to its unabashedly breast-based advertising and sponsorship of sports only Republicans understand.

Less than a decade ago, it was more common for the company to attract controversy when founding CEO Bob Parsons did something dumb like brag about shooting an elephant.

Now it’s taking flak for making a half-assed nod towards gay rights? How times change.

Disclosure: it’s not lost of me that throughout this article I’ve used the word “gay” interchangeably with “LGBT”.

Can’t get enough GDPR? Come to my NamesCon panel

Kevin Murphy, June 4, 2018, Domain Services

NamesCon Europe is being held in Valencia, Spain, this week, the first time the NamesCon branding has been applied to the old Domaining Europe show.

Starting Thursday, it’s a two-day conference — or three if you count the social events planned for Saturday — with a varied agenda focused on domain investors.

The keynote will be given by Akram Atallah, president of ICANN’s Global Domains Division, on a so-far unspecified topic.

There will be about 20 sessions in total, organized in a single track and covering topics such as valuation, monetization, drop-catching, web development and legal issues facing domainers.

Expect speakers from the likes of Donuts, Sedo, the new gTLDs .club and .global, and a bunch of companies I’ve never heard of (a fact I hope to rectify).

Staff from NamesCon owner GoDaddy also have a decent presence among the speakers.

Domaining Europe was sold to NamesCon earlier this year and there’s going to be a short “handover ceremony” at the end of the show, followed by a performance by a band whose lineup feature the conference’s new CEO.

I’ll be hosting a panel comprising Blacknight CEO Michele Neylon and German lawyer Thomas Rickert on the General Data Protection Regulation on Thursday just before lunch.

If you no longer wish me to tell you this, please click here. But if, as a domainer, you feel there are important GDPR issues that should be discussed at the session, feel free to leave a comment below or shoot me an email.

As usual with shows like this, a big part of the value is in the networking, and there’s plenty of opportunities for socializing scheduled, including a “Disco Party!” slated to end at 5am.

NamesCon Europe tickets are still available, priced now at €786.50 ($922).

Disclosure: I’m paying my own way to the show but have a complimentary press pass.

I just bought a new gTLD registry’s domain for $10

Kevin Murphy, April 18, 2018, Domain Registries

Are .fan and .fans the latest new gTLDs to go out of business? It certainly looks that way.

ICANN has hit the registry with a breach notice for unpaid dues and stripped it of its registrar accreditation.

In addition, its web sites no longer appear functional and I’ve just bought its official IANA-listed domain name for under $10.

Asiamix Digital is the Hong Kong-based company behind both TLDs, doing business as dotFans.

It launched .fans in September 2015, with retail pricing up around the $100 mark, but never actually got around to launching the singular variant, which it acquired (defensively?) from Rightside (now Donuts) earlier that year.

.fans had fewer than 1,400 domains in its zone file yesterday, down from a peak of around 1,500, while .fan had none.

dotFans in-house accredited registrar, Fan Domains, didn’t seem to actually sell any domains and it got terminated by ICANN (pdf) at the end of March for failing to provide basic registrar services.

And now it seems the registry itself has been labeled as a deadbeat by ICANN Compliance, which has filed a breach notice (pdf) alleging non-payment of registry fees.

While breach notices against TLD registries are not uncommon these days, I think this is the first one I’ve seen alleging non-payment and nothing else.

The notice claims that the registry’s legal contact’s email address is non-functional.

In addition, the domains nic.fans, nic.fan and dotfans.com all currently resolve to dead placeholder pages.

Meanwhile, dotfans.net, the company’s official domain name as listed in the IANA database now belongs to me, kinda.

It expired March 12, after which it was promptly placed into a GoDaddy expired domains auction. Where I just bought it for £6.98 ($9.92).

dotfans

To be clear, I do not currently control the domain. It’s still in post-expiration limbo and GoDaddy support tells me the original owner still has eight days left to reclaim it.

After that point, maybe I’ll start getting the registry’s hate mail from ICANN. Or perhaps not; it seems to have been using the .com equivalent for its formal communications.

Should .fan and .fans get acquired by another registry soon — which certainly seems possible — rest assured I’ll let the domain go for a modest sum.

ICANN confirms GoDaddy Whois probe

ICANN is looking into claims that GoDaddy is in breach of its registrar accreditation contract.

The organization last week told IP lawyer Brian Winterfeldt that his complaint about the market-leading registrar throttling and censoring Whois queries over port 43 is being looked at by its compliance department.

The brief note (pdf) says that Compliance is “in receipt of the correspondence and will address it under its process”.

Winterfeldt is annoyed that GoDaddy has starting removing contact information from its port 43 Whois responses, in what the company says is an anti-spam measure.

It’s also started throttling port 43 queries, causing no end of problems at companies such as DomainTools.

Winterfeldt wrote last month “nothing in their contract permits GoDaddy to mask data elements, and evidence of illegality must be obtained before GoDaddy is permitted to throttle or deny port 43 Whois access to any particular IP address”.

It’s worth saying that ICANN is not giving any formal credibility to the complaint merely by looking into it.

But while it’s usual for ICANN to publish its responses to correspondence it has received and published, it’s rather less common for it to disclose the existence of a compliance investigation before it has progressed to a formal breach notice.

It could all turn out to be moot anyway, given the damage GDPR is likely to do to Whois across the industry in a matter of weeks.

Lawyer: GoDaddy Whois changes a “critical” contract breach

Kevin Murphy, March 13, 2018, Domain Registrars

GoDaddy is in violation of its ICANN registrar contract by throttling access to its Whois database, according to a leading industry lawyer.

Brian Winterfeldt of the Winterfeldt IP Group has written to ICANN to demand its compliance team enforces what he calls a “very serious contractual breach”.

At issue is GoDaddy’s recent practice, introduced in January, of masking key fields of Whois when accessed in an automated fashion over port 43.

The company no longer shows the name, email address or phone number of its registrants over port 43. Web-based Whois, which has CAPTCHA protection, is unaffected.

It’s been presented as an anti-spam measure. In recent years, GoDaddy has been increasingly accused (wrongly) of selling customer details to spammers pitching web hosting and SEO services, whereas in fact those details have been obtained from public Whois.

But many in the industry are livid about the changes.

Back in January, DomainTools CEO Tim Chen told us that, even as a white-listed known quantity, its port 43 access was about 2% of its former levels.

And last week competing registrar Namecheap publicly complained that Whois throttling was hindering inbound transfers from GoDaddy.

Winterfeldt wrote (pdf) that “nothing in their contract permits GoDaddy to mask data elements, and evidence of illegality must be obtained before GoDaddy is permitted to throttle or deny
port 43 Whois access to any particular IP address”, adding:

The GoDaddy whitelist program has created a dire situation where businesses dependent upon unmasked and robust port 43 Whois access are forced to negotiate wholly subjective terms for access, and are fearful of filing complaints with ICANN because they are reticent to publicize any disruption in service, or because they fear retaliation from GoDaddy…

This is a very serious contractual breach, which threatens to undermine the stability and security of the Internet, as well as embolden other registrars to make similar unilateral changes to their own port 43 Whois services. It has persisted for far too long, having been officially implemented on January 25, 2018. The tools our communities use to do our jobs are broken. Cybersecurity teams are flying blind without port 43 Whois data. And illegal activity will proliferate online, all ostensibly in order to protect GoDaddy customers from spam emails. That is completely disproportionate and unacceptable

He did not disclose which client, if any, he was writing on behalf of, presumably due to fear of reprisals.

He added that his initial outreaches to ICANN Compliance have not proved fruitful.

ICANN said last November that it would not prosecute registrar breaches of the Whois provisions of the Registrar Accreditation Agreements, subject to certain limits, as the industry focuses on becoming compliant with the General Data Protection Regulation.

But GoDaddy has told us that the port 43 throttling is unrelated to GDPR and to the compliance waiver.

Masking Whois data, whether over port 43 or not, is likely to soon become a fact of life anyway. ICANN’s current proposal for GDPR compliance would see public Whois records gutted, with only accredited users (such as law enforcement) getting access to full records.

Namecheap’s Move Your Domain Day actually works

Namecheap appears to have done a year’s worth of transfers in a single day, on its annual Move Your Domain Day promotion.

The company said this week that the promotion, which ran on March 6 this year, saw 20,590 domains transferred in from other registrars.

That’s pretty good compared to its usual transfer activity.

Registry report data shows that Namecheap usually gets 1,000 to 1,500 inbound transfers per month, across all gTLDs.

Move Your Domain Day was originally set up to capitalize on protests over GoDaddy’s support for the Stop Online Piracy Act in late 2011.

That year, when it benefited from greater publicity, the company said it saw over 40,000 transfers.

During the promotion, Namecheap discounts transfers and donates $1.50 per domain to the Electronic Frontier Foundation.

This year, the EFF will be getting a check for $30,885.

Namecheap said earlier in the week that it was having problems processing inbounds from GoDaddy, which it claimed was throttling automated Whois queries, but said it would process the transfers regardless.

Namecheap accuses GoDaddy of delaying transfers

GoDaddy broke ICANN rules and US competition law by delaying outbound domain transfers yesterday, and not for the first time, according to angry rival Namecheap.

March 6 was Namecheap’s annual Move Your Domain Day, a promotion under which it donates $1.50 to the Electronic Frontier Foundation for every inbound transfer from another registrar.

It’s a tradition the company opportunistically started back in 2011 specifically targeting GoDaddy’s support, later retracted, for the controversial Stop Online Piracy Act, SOPA.

But yesterday GoDaddy was delivering “incomplete Whois information”, which interrupted the automated transfer process and forced Namecheap to resort to manual verification, delaying transfers, Namecheap claims.

“First and foremost this practice is against ICANN rules and regulations. Secondly, we believe it violates ‘unfair competition’ laws,” the company said in a blog post.

Whois verification is a vital part of the transfer process, which is governed by ICANN’s binding Inter-Registrar Transfer Policy.

GoDaddy changed its Whois practices in January. As an anti-spam measure, it no longer publishes contact information, including email addresses vital to the transfer process, when records are accessed automatically over port 43.

However, GoDaddy VP James Bladel told us in January that this was not supposed to affect competing registrars, which have their IP addresses white-listed for port 43 access via a system coordinated by ICANN.

Did GoDaddy balls up its new restrictive Whois practices? Or can the blame be shared?

Namecheap also ran into problems with GoDaddy throttling port 43 on its first Move Your Domain Day in 2011, but DI published screenshots back then suggesting that the company had failed to white-list its IP addresses with ICANN.

This time, the company insists the white-list was not an issue, writing:

As many customers have recently complained of transfer issues, we suspect that GoDaddy is thwarting/throttling efforts to transfer domains away from them. Whether automated or not, this is unacceptable. In preparation for today, we had previously whitelisted IPs with GoDaddy so there would be no excuse for this poor business practice.

Namecheap concluded by saying that all transfers that have been initiated will eventually go through. It also asked affected would-be customers to complain to GoDaddy.

The number of transfers executed on Move Your Domain Day over the last several years appears to be well into six figures, probably amounting to seven figures of annual revenue.

DomainTools scraps apps and APIs in war on spam

Kevin Murphy, January 22, 2018, Domain Services

DomainTools is to scrap at least five of its services as it tries to crack down spam.

It’s getting rids of its mobile apps, its APIs, and is to stop showing registrants’ personal information to unauthenticated users.

CEO Tim Chen told us in an email at the weekend:

The Android app is no longer supported.

The iOS app will no longer be supported after February 20th.

The Developer API is no longer supported.

On February 20th, the Bulk Parsed Whois tool available to Personal Members will no longer be supported.

On February 20th, our production Whois API will no longer be available to individual membership levels, an Enterprise relationships will be required.

It’s all part of an effort to make sure DomainTools services are not being abused by spammers, which has lead to a dispute with GoDaddy over bulk access to its registrants’ Whois data.

The longstanding problem of new registrants getting spammed with calls and emails offering web hosting and such has escalated over the last few years. Domain Name Wire detailed the scale of the abuse registrants can experience in a post last week.

While to my knowledge nobody has directly accused DomainTools of facilitating such abuse, the scrapped services are the ones that would be most useful to these spammers.

The company is also going to scale back what guest users can see when they do a Whois lookup, and is to make automated scraping of Whois records more difficult for paying members.

In a blog post, Chen wrote last week:

As of today, unauthenticated users of the DomainTools Whois Lookup tool will not see personally identifiable information for the registrant parsed out in the results, and will be required to submit a CAPTCHA to see the full raw domain name Whois record. Phone numbers in the parsed results have been replaced with image files, much the same way emails have always been rendered

As well as hoping to ease relations with GoDaddy — the source of a very heavy chunk of DomainTools’ data — the moves are also part of the company’s strategy for dealing with the incoming General Data Protection Regulation.

This is the EU law that gives registrants more control over the privacy of their personal data.

Chen told us earlier this month that DomainTools is keen to ensure its enterprise-level suite of security products, which he said are vital for security and intellectual property investigations, continue to operatie under the new regime.

About 80% of DomainTools’ revenue comes from its enterprise-level customers, over 500 companies.

GoDaddy and DomainTools scrap over Whois access

Kevin Murphy, January 12, 2018, Domain Registrars

GoDaddy has seriously limited DomainTools’ access to its customers’ Whois records, pissing off DomainTools.

DomainTools CEO Tim Chen this week complained to DI that its access to Whois has been throttled back significantly in recent months, making it very difficult to keep its massive database of domain information up to date.

Chen said that DomainTools is currently only able to access GoDaddy’s Whois over port 43 at about 2% of the rate it had previously.

He said that this has been going on for about six months and that the market-leading registrar has been unresponsive to its requests to have previous levels restored.

“By throttling access to the data by 98% they’re defeating the ability of security practitioners to get data on GoDaddy domains,” Chen said. “It’s particularly troublesome because they [GoDaddy] are such a big part of DNS.”

“We have customers who say the quality of GoDaddy data is just degrading across the board, either through direct look-ups or in some of the DomainTools products themselves,” he said.

DomainTools customers include security professionals trying to hunt down the source of attacks and intellectual property interests trying to locate pirates and cybersquatters.

GoDaddy today confirmed to DI that it has been throttling DomainTools’ Whois access, and said that it’s part of ongoing anti-spam measures.

In recent years there’s been an increase in the amount of spam — usually related to web design, hosting, and SEO — sent to recent domain registrants using email addresses harvested from new Whois records.

GoDaddy, as the market-share leader in retail domain sales, takes a tonne of flak from customers who, unaware of standard Whois practice, think the company is selling their personal information to spammers.

This kind of Twitter exchange is fairly common on GoDaddy’s feed:

While GoDaddy is not saying that DomainTools is directly responsible for this kind of activity, throttling its port 43 traffic is one way the company is trying to counter the problem, VP of policy James Bladel told DI tonight.

“Companies like [DomainTools] present a challenge,” he said. “While we may know these folks, we don’t know who their customers are.”

But that’s just a part of the issue. GoDaddy was also concerned about the amount of resources DomainTools was consuming, and its own future legal responsibilities under the European Union’s forthcoming General Data Protection Regulation.

“When [Chen] says they’re down to a fraction or a percentage of what they had previously, well what they had previously was they were updating and archiving Whois almost in real time,” Bladel said. “And that’s not going to fly.”

“That is not only, we feel, not congruent with our responsibilities to our customers’ data, but it’s also, later on down the road, exactly the kind of thing that GDPR and other regulations are designed to stop,” he said.

GDPR is the EU law that, when it fully kicks in in May, gives European citizens much more rights over the sharing and processing of their private data.

Bladel added that DomainTools is still getting more Whois access than other parties using port 43.

“They have a level of access that is much, much higher than what they would normally have as a registrar,” he said, “but much lower than I think they want, because they want to effectively download and keep current the entirety of the Whois database.”

I’m not getting a sense from GoDaddy that it’s likely to backtrack on its changes.

Indeed, the company also today announced that it from January 25 it will start to “mask” key elements of Whois records when queried over port 43.

GoDaddy told high-value customers such as domainers today that port 43 queries will no longer return the registrant’s first name, last name, email address or phone number.

Bulk Whois users such as registrars (and, I assume, DomainTools) that have been white-listed via the “GoDaddy Port43 Process” will continue to receive full records.

Its web-based Whois, which includes a CAPTCHA gateway to prevent scraping, will continue to function as normal.

Bladel said that these changes are NOT related to GDPR, nor to the fact that ICANN said a couple months back that it would not enforce compliance with Whois provisions of the Registrar Accreditation Agreement, subject to certain conditions.

GoDaddy renewal revamp “unrelated” to domainer auction outrage

Kevin Murphy, November 21, 2017, Domain Registrars

GoDaddy has made some big changes to how it handles expired domain names, but denied the changes are related to domainer outrage today about “fake” auctions.

The market-leading registrar today said that it has reduced the period post-expiration during which registrants can recover their names from 42 days to 30. After day 30, registrants will no longer be able to renew or transfer affected names.

GoDaddy is also going to start cutting off customers’ MX records five days after expiry. This way, if they’re only using their domain for email, they will notice the interruption. Previously, the company did not cut off MX records.

The changes were first reported at DomainInvesting.com and subsequently confirmed by a GoDaddy spokesperson.

One impact of this will be to reduce confusion when GoDaddy puts expired domains up for auction when it’s still possible for the original registrant reclaim them, which has been the cause of complaints from prominent domain investors this week.

As DomaingGang reported yesterday, self-proclaimed “Domain King” Rick Schwartz bought the domain GoDaddyBlows.com in order to register his disgust with the practice.

Konstantinos Zournas of OnlineDomain followed up with a critique of his own today.

But the GoDaddy spokesperson denied the changes are being made in response to this week’s flak.

“This is unrelated to any events in the aftermarket,” he said. “We’ve been working on this policy for more than a year.”

He said the changes are a case of GoDaddy “optimizing our systems and processes”. The company ran an audit of when customers were renewing and found that fewer than 1% of names were renewed between days 30 and 42 following expiration, he said.

GoDaddy renews about 2.5 million domains per month in just the gTLDs it carries, according to my records, so a full 1% would equal roughly 25,000 names per month or 300,000 per year. But the company spokesperson said the actual number “quite a bit less” than that.

How many of these renewals are genuinely forgetful registrants and how many are people attempting to exploit the auction system is not known.

The changes will come into effect December 4. The news broke today because GoDaddy has started notifying its high-volume customers.