Latest news of the domain name industry

Recent Posts

Namecheap accuses GoDaddy of delaying transfers

GoDaddy broke ICANN rules and US competition law by delaying outbound domain transfers yesterday, and not for the first time, according to angry rival Namecheap.

March 6 was Namecheap’s annual Move Your Domain Day, a promotion under which it donates $1.50 to the Electronic Frontier Foundation for every inbound transfer from another registrar.

It’s a tradition the company opportunistically started back in 2011 specifically targeting GoDaddy’s support, later retracted, for the controversial Stop Online Piracy Act, SOPA.

But yesterday GoDaddy was delivering “incomplete Whois information”, which interrupted the automated transfer process and forced Namecheap to resort to manual verification, delaying transfers, Namecheap claims.

“First and foremost this practice is against ICANN rules and regulations. Secondly, we believe it violates ‘unfair competition’ laws,” the company said in a blog post.

Whois verification is a vital part of the transfer process, which is governed by ICANN’s binding Inter-Registrar Transfer Policy.

GoDaddy changed its Whois practices in January. As an anti-spam measure, it no longer publishes contact information, including email addresses vital to the transfer process, when records are accessed automatically over port 43.

However, GoDaddy VP James Bladel told us in January that this was not supposed to affect competing registrars, which have their IP addresses white-listed for port 43 access via a system coordinated by ICANN.

Did GoDaddy balls up its new restrictive Whois practices? Or can the blame be shared?

Namecheap also ran into problems with GoDaddy throttling port 43 on its first Move Your Domain Day in 2011, but DI published screenshots back then suggesting that the company had failed to white-list its IP addresses with ICANN.

This time, the company insists the white-list was not an issue, writing:

As many customers have recently complained of transfer issues, we suspect that GoDaddy is thwarting/throttling efforts to transfer domains away from them. Whether automated or not, this is unacceptable. In preparation for today, we had previously whitelisted IPs with GoDaddy so there would be no excuse for this poor business practice.

Namecheap concluded by saying that all transfers that have been initiated will eventually go through. It also asked affected would-be customers to complain to GoDaddy.

The number of transfers executed on Move Your Domain Day over the last several years appears to be well into six figures, probably amounting to seven figures of annual revenue.

DomainTools scraps apps and APIs in war on spam

Kevin Murphy, January 22, 2018, Domain Services

DomainTools is to scrap at least five of its services as it tries to crack down spam.

It’s getting rids of its mobile apps, its APIs, and is to stop showing registrants’ personal information to unauthenticated users.

CEO Tim Chen told us in an email at the weekend:

The Android app is no longer supported.

The iOS app will no longer be supported after February 20th.

The Developer API is no longer supported.

On February 20th, the Bulk Parsed Whois tool available to Personal Members will no longer be supported.

On February 20th, our production Whois API will no longer be available to individual membership levels, an Enterprise relationships will be required.

It’s all part of an effort to make sure DomainTools services are not being abused by spammers, which has lead to a dispute with GoDaddy over bulk access to its registrants’ Whois data.

The longstanding problem of new registrants getting spammed with calls and emails offering web hosting and such has escalated over the last few years. Domain Name Wire detailed the scale of the abuse registrants can experience in a post last week.

While to my knowledge nobody has directly accused DomainTools of facilitating such abuse, the scrapped services are the ones that would be most useful to these spammers.

The company is also going to scale back what guest users can see when they do a Whois lookup, and is to make automated scraping of Whois records more difficult for paying members.

In a blog post, Chen wrote last week:

As of today, unauthenticated users of the DomainTools Whois Lookup tool will not see personally identifiable information for the registrant parsed out in the results, and will be required to submit a CAPTCHA to see the full raw domain name Whois record. Phone numbers in the parsed results have been replaced with image files, much the same way emails have always been rendered

As well as hoping to ease relations with GoDaddy — the source of a very heavy chunk of DomainTools’ data — the moves are also part of the company’s strategy for dealing with the incoming General Data Protection Regulation.

This is the EU law that gives registrants more control over the privacy of their personal data.

Chen told us earlier this month that DomainTools is keen to ensure its enterprise-level suite of security products, which he said are vital for security and intellectual property investigations, continue to operatie under the new regime.

About 80% of DomainTools’ revenue comes from its enterprise-level customers, over 500 companies.

GoDaddy and DomainTools scrap over Whois access

Kevin Murphy, January 12, 2018, Domain Registrars

GoDaddy has seriously limited DomainTools’ access to its customers’ Whois records, pissing off DomainTools.

DomainTools CEO Tim Chen this week complained to DI that its access to Whois has been throttled back significantly in recent months, making it very difficult to keep its massive database of domain information up to date.

Chen said that DomainTools is currently only able to access GoDaddy’s Whois over port 43 at about 2% of the rate it had previously.

He said that this has been going on for about six months and that the market-leading registrar has been unresponsive to its requests to have previous levels restored.

“By throttling access to the data by 98% they’re defeating the ability of security practitioners to get data on GoDaddy domains,” Chen said. “It’s particularly troublesome because they [GoDaddy] are such a big part of DNS.”

“We have customers who say the quality of GoDaddy data is just degrading across the board, either through direct look-ups or in some of the DomainTools products themselves,” he said.

DomainTools customers include security professionals trying to hunt down the source of attacks and intellectual property interests trying to locate pirates and cybersquatters.

GoDaddy today confirmed to DI that it has been throttling DomainTools’ Whois access, and said that it’s part of ongoing anti-spam measures.

In recent years there’s been an increase in the amount of spam — usually related to web design, hosting, and SEO — sent to recent domain registrants using email addresses harvested from new Whois records.

GoDaddy, as the market-share leader in retail domain sales, takes a tonne of flak from customers who, unaware of standard Whois practice, think the company is selling their personal information to spammers.

This kind of Twitter exchange is fairly common on GoDaddy’s feed:

While GoDaddy is not saying that DomainTools is directly responsible for this kind of activity, throttling its port 43 traffic is one way the company is trying to counter the problem, VP of policy James Bladel told DI tonight.

“Companies like [DomainTools] present a challenge,” he said. “While we may know these folks, we don’t know who their customers are.”

But that’s just a part of the issue. GoDaddy was also concerned about the amount of resources DomainTools was consuming, and its own future legal responsibilities under the European Union’s forthcoming General Data Protection Regulation.

“When [Chen] says they’re down to a fraction or a percentage of what they had previously, well what they had previously was they were updating and archiving Whois almost in real time,” Bladel said. “And that’s not going to fly.”

“That is not only, we feel, not congruent with our responsibilities to our customers’ data, but it’s also, later on down the road, exactly the kind of thing that GDPR and other regulations are designed to stop,” he said.

GDPR is the EU law that, when it fully kicks in in May, gives European citizens much more rights over the sharing and processing of their private data.

Bladel added that DomainTools is still getting more Whois access than other parties using port 43.

“They have a level of access that is much, much higher than what they would normally have as a registrar,” he said, “but much lower than I think they want, because they want to effectively download and keep current the entirety of the Whois database.”

I’m not getting a sense from GoDaddy that it’s likely to backtrack on its changes.

Indeed, the company also today announced that it from January 25 it will start to “mask” key elements of Whois records when queried over port 43.

GoDaddy told high-value customers such as domainers today that port 43 queries will no longer return the registrant’s first name, last name, email address or phone number.

Bulk Whois users such as registrars (and, I assume, DomainTools) that have been white-listed via the “GoDaddy Port43 Process” will continue to receive full records.

Its web-based Whois, which includes a CAPTCHA gateway to prevent scraping, will continue to function as normal.

Bladel said that these changes are NOT related to GDPR, nor to the fact that ICANN said a couple months back that it would not enforce compliance with Whois provisions of the Registrar Accreditation Agreement, subject to certain conditions.

GoDaddy renewal revamp “unrelated” to domainer auction outrage

Kevin Murphy, November 21, 2017, Domain Registrars

GoDaddy has made some big changes to how it handles expired domain names, but denied the changes are related to domainer outrage today about “fake” auctions.

The market-leading registrar today said that it has reduced the period post-expiration during which registrants can recover their names from 42 days to 30. After day 30, registrants will no longer be able to renew or transfer affected names.

GoDaddy is also going to start cutting off customers’ MX records five days after expiry. This way, if they’re only using their domain for email, they will notice the interruption. Previously, the company did not cut off MX records.

The changes were first reported at DomainInvesting.com and subsequently confirmed by a GoDaddy spokesperson.

One impact of this will be to reduce confusion when GoDaddy puts expired domains up for auction when it’s still possible for the original registrant reclaim them, which has been the cause of complaints from prominent domain investors this week.

As DomaingGang reported yesterday, self-proclaimed “Domain King” Rick Schwartz bought the domain GoDaddyBlows.com in order to register his disgust with the practice.

Konstantinos Zournas of OnlineDomain followed up with a critique of his own today.

But the GoDaddy spokesperson denied the changes are being made in response to this week’s flak.

“This is unrelated to any events in the aftermarket,” he said. “We’ve been working on this policy for more than a year.”

He said the changes are a case of GoDaddy “optimizing our systems and processes”. The company ran an audit of when customers were renewing and found that fewer than 1% of names were renewed between days 30 and 42 following expiration, he said.

GoDaddy renews about 2.5 million domains per month in just the gTLDs it carries, according to my records, so a full 1% would equal roughly 25,000 names per month or 300,000 per year. But the company spokesperson said the actual number “quite a bit less” than that.

How many of these renewals are genuinely forgetful registrants and how many are people attempting to exploit the auction system is not known.

The changes will come into effect December 4. The news broke today because GoDaddy has started notifying its high-volume customers.

GoDaddy’s reason for dumping Uniregistry doesn’t make a lot of sense

Kevin Murphy, August 24, 2017, Domain Registrars

GoDaddy, as you may have read, has again decided to dump Uniregistry’s portfolio of TLDs, following wholesale price increases.

But its explanation for the move — trying to provide its customers with a “great product experience” — doesn’t seem to tally with the way it has gone about implementing the change.

The company confirmed this week that it will no longer offer new registrations in Uniregistry’s stable of new gTLDs, but will continue to support existing customers.

The registrar’s EVP of domains, Mike McLaughlin, reportedly explained the move like this:

GoDaddy strives to provide its customers with great product experiences wherever possible. After careful consideration, we decided to stop offering new Uniregistry domain names for sale because their pricing changes caused frustration and uncertainty with our customers.

But the way GoDaddy has gone about this looks like it is set to provide anything other than a great product experience.

For starters, existing registrants of Uniregistry names will find their registrations migrated over to the wholesale registrar Hexonet, for which GoDaddy will act as reseller.

They’ll still be able to manage their names via their GoDaddy control panels, but technically GoDaddy will no longer be the registrar.

This could well add friction to the customer support process, as well as meaning Hexonet will now show up in Whois as the sponsoring registrar.

Accompanying this move is the unexplained removal of Whois privacy services for all affected domains. Registrants will get a refund for their privacy service and will have the opportunity to switch registrars to one that will support privacy.

For those that remain, suddenly their personally identifiable information will become publicly available. This could lead to an increase in complaints and support calls as registrants realize what has happened.

In terms of price, existing registrants will presumably still be affected by Uniregistry’s increases to the same extent as they were previously. Again, their customer experience has not changed.

Overall, the explanation doesn’t make a heck of a lot of sense to me. I put the above points to GoDaddy and VP of domains Rich Merdinger responded, via a company spokesperson:

After we made the decision to stop supporting Uniregistry domain names, we worked to provide the best possible experience we could to our customers. We wanted them to have a transparent experience. They will log in to the same GoDaddy account and service the domain names the same way they always have. Because of the transfer of the name to a different registrar, privacy had to be removed. While this impacts a small subset of these customers, we have done everything to make this transition as smooth as possible.

It’s true that GoDaddy isn’t a big seller of Uniregistry names. It’s one of Uniregistry’s smaller channel partners and the number of Uniregistry names it’s sold — measured in the thousands — is a drop in the ocean of the over 55 million gTLD names it currently has under management.

The two companies are also competitors, it probably should be noted.

But while Uniregistry’s registrar seems to be have been well-received by customers, and its domain volume has grown rapidly in the last three years, it still only had about 1.5 million domains under management at the last count; hardly an existential threat to the Scottsdale behemoth.

It should also be noted that GoDaddy is not the only registrar to distance itself from Uniregistry.

NameCheap also recently discontinued support for the TLDs that are experiencing the biggest price increases. Tucows announced a similar move in May.

GoDaddy had already said it would drop Uniregistry once before, but changed its mind, before changing it back again.

GoDaddy CEO to retire at 58

Kevin Murphy, August 22, 2017, Domain Registrars

GoDaddy CEO Blake Irving tonight announced his retirement from the company.

Irving, 58, said he will leave the corner office at the end of 2017, and will stick around on its board of directors until June next year.

He will be replaced by current chief operating officer Scott Wagner, who joined the registrar in 2013 from KKR, one of the three investment companies that owned GoDaddy in its interregnum between founder Bob Parsons and its 2013 initial public offering.

“After more than three decades in technology, I’ve decided it’s time to retire and begin the next phase of my life,” Irving said in a press release.

He added that revenue and profits had doubled under his watch, which commenced in 2013.

Wagner served as interim CEO of GoDaddy in 2012, after Parsons protege Warren Adelman’s short stint in the role.

He was also named president of the company last year.

GoDaddy’s share price has dipped slightly in after-hours trading in the hour or so since the announcement was made.

Google dumps Nazi domain in hours

Kevin Murphy, August 14, 2017, Domain Registrars

Neo-Nazi blog The Daily Stormer found itself without a registrar for the second time in a day this evening, after Google cancelled its registration.

The company told BBC News:

We are cancelling Daily Stormer’s registration with Google Domains for violating our terms of service.

The cancellation came not many hours after GoDaddy, the controversial site’s original registrar, gave its owners 24 hours to find a new registrar.

That was in response to people on Twitter complaining that the Stormer had published an article attacking a victim of alleged right-wing domestic terrorism, which GoDaddy said broke its terms of service inciting violence.

The current Whois record for dailystormer.com indicates that it is still with Google, but in a clientTransferProhibited status.

That means it should not be possible to transfer the name to a third registrar, unless and until Google changes the status.

The domain still resolves, however, from where I’m sitting.

It might be that the Stormer will now find itself registrar-hopping and/or facing a period of downtime.

GoDaddy kicks out neo-Nazi site after dead protester post

Kevin Murphy, August 14, 2017, Domain Registrars

GoDaddy has given neo-Nazi web site The Daily Stormer a day to GTFO after it posted an article viciously attacking the victim of racially motivated violence in Charlottesville, Virginia.

In multiple tweets, the company said this morning that it had given the site’s owners 24 hours to move to a new registrar.

The tweets came in response to those who questioned why GoDaddy continued to host the site in light of an article posted about Heather Heyer, who was killed while protesting white nationalists at a rally on Saturday.

A man has been arrested and charged with her murder, after allegedly driving his car into a crowd, injuring 19 others.

The article in question was a horribly vicious, cartoonishly misogynistic rant, by site founder Andrew Anglin, entitled “Heather Heyer: Woman Killed in Road Rage Incident was a Fat, Childless 32-Year-Old Slut”.

GoDaddy did not specify which terms of service the Stormer had breached, but its terms do include a prohibition against promoting violence.

The Stormer web site has a disclaimer on it stating it is “opposed to violence” and that it will ban any commentators who promote violence.

Within hours of GoDaddy’s tweets, a post appeared on the site claiming to have been written by notorious hacking collective Anonynous, which claimed the site was now under its control.

The post said that the site would be taken down within 24 hours and that quantities of material on the Stormer and Anglin had been obtained.

At this time it is not clear whether the site has really been hacked or is a hoax carried out by the Stormer itself, perhaps designed to make light of upcoming downtime.

The Daily Stormer’s domain has been hosted with GoDaddy since its launch in 2013.

GoDaddy domains business grows 15% in Q2

Kevin Murphy, August 10, 2017, Domain Registrars

GoDaddy saw its revenue from domain name sales increase by almost 15% in the second quarter, the company announced this week.

Its domains revenue was $263.3 million, up 14.6% on the same quarter last year.

That was part of an overall growth trend at the company, which saw revenue for the quarter up 22.3% at $557.8 million.

Revenue growth would have been a point higher but for currency fluctuations. GoDaddy now does about a third of its business outside its native US, helped a deal by its acquisition of Host Europe Group, which closed at the start of the quarter.

Net income for the period was $18.1 million, reversing a loss of $11.1 million a year ago.

Domains account for about 47% of overall revenue at the company.

GoDaddy said it had 17 million customers at the end of the quarter, June 30, adding about a million organically compared to a year earlier and 1.6 million from the HEG acquisition.

At the end of the quarter, the company had $591.2 million in cash and equivalents and debt of $3 billion.

GoDaddy flips hosting business for $456 million

GoDaddy has sold off its recently acquired PlusServer business for €397 million ($456 million).

The buyer is a private equity firm, BC Partners.

The registrar had taken control of the business when it spent $1.79 billion on Host Europe Group earlier this year, but had said from the start that the asset was for sale.

PlusServer sells hosting to larger companies, which have more demanding support needs that small-business-focused GoDaddy is accustomed to dealing with.

The unit was bringing in annual revenue approaching $100 million per year.

GoDaddy said it planned to put the proceeds of the flip towards paying off some loans.