Latest news of the domain name industry

SpamHaus ranks most-botted TLDs and registrars

Kevin Murphy, January 9, 2018, Domain Registrars

Namecheap and Uniregistry have emerged as two of the most-abused domain name companies, according to statistics on botnet command and control centers released by SpamHaus this week.

SpamHaus data shows that over a quarter of all botnet C&Cs found during the year were using NameCheap as their registrar.

It also shows that almost 1% of domains registered in Uniregistry’s .click are used as C&Cs.

The spam-fighting outfit said it discovered “almost 50,000” domains in 2017 that were registered for the purpose of controlling botnets.

Comparable data for 2016 was not published a year ago, but if you go back a few years, SpamHaus reported that there were just 3,793 such domains in 2014.

Neither number includes compromised domains or free subdomains.

The TLD with the most botnet abuse was of course .com, with 14,218 domains used as C&C servers. It was followed by Directi’s .pw (8,587) and Afilias’ .info (3,707).

When taking into account the relative size of the TLDs, SpamHaus fingered Russian ccTLD .ru as the “most heavily abused” TLD, but its numbers don’t ring true to me.

With 1,370 botnet controllers and about five and a half million domains, .ru’s abused domains would be around 0.03% of the total.

But if you look at .click, with 1,256 botnet C&Cs and 131,000 domains (as of September), that number is very close to 1%. When it comes to botnets, that’s a high number.

In fact, using SpamHaus numbers and September registry reports of total domains under management, it seems that .work, .space, .website, .top, .pro, .biz, .info, .xyz, .bid and .online all have higher levels of botnet abuse than .ru, though in absolute numbers some have fewer abused domains.

In terms of registrars, Namecheap was the runaway loser, with a whopping 11,878 domains used to control botnets.

While SpamHaus acknowledges that the size of the registrar has a bearing on abuse levels, it’s worth noting that GoDaddy — by far the biggest registrar, but well-staffed with over-zealous abuse guys — does not even feature on the top 20 list here.

SpamHaus wrote:

While the total numbers of botnet domains at the registrar might appear large, the registrar does not necessarily support cybercriminals. Registrars simply can’t detect all fraudulent registrations or registrations of domains for criminal use before those domains go live. The “life span” of criminal domains on legitimate, well-run, registrars tends to be quite short.

However, other much smaller registrars that you might never have heard of (like Shinjiru or WebNic) appear on this same list. Several of these registrars have an extremely high proportion of cybercrime domains registered through them. Like ISPs with high numbers of botnet controllers, these registrars usually have no or limited abuse staff, poor abuse detection processes, and some either do not or cannot accept takedown requests except by a legal order from the local government or a local court.

The SpamHaus report, which you can read here, concludes with a call for registries and registrars to take more action to shut down repeat offenders, saying it is “embarrassing” that some registrars allow perpetrators to register domains for abuse over and over and over again.

Namecheap to bring millions of domains in-house next week

Kevin Murphy, January 5, 2018, Domain Registrars

Namecheap is finally bringing its customer base over to its own ICANN accreditation.

The registrar will next week accept transfer of an estimated 3.2 million .com and .net domains from Enom, following a court ruling forcing Enom owner Tucows to let go of the names.

The migration will happen from January 8 to January 12, Namecheap said in a blog post today.

Namecheap is one of the largest registrars in the industry, but historically it mostly acted as an Enom reseller. Every domain it sold showed up in official reports as an Enom sale.

While it’s been using its own ICANN accreditation to sell gTLD names since around 2015 — and has around four million names on its own credentials — it still had a substantial portion of its customer base on the Enom ticker.

After the two companies’ arrangement came to an end, and Enom was acquired by Tucows, Namecheap decided to also consolidate its .com/.net names under its own accreditation.

After Tucows balked at a bulk transfer, Namecheap sued, and a court ruled in December that Tucows must consent to the transfer.

Now, Namecheap says all .com and .net names registered before January 2017 or transferred in before November 2017 will be migrated.

There may be some downtime as the transition goes through, the company warned.

NameCheap stops selling .xyz domains

Kevin Murphy, October 11, 2016, Domain Registrars

NameCheap may have sold over a million .xyz domains, but apparently it will sell no more than that.

The registrar confirmed to DI this evening that it is no longer taking .xyz registrations. It declined to explain why.

It has also stopped selling .college and .rent domains — two other gTLDs owned by XYZ.com. Other new gTLDs are not affected.

It’s reportedly not accepting inbound transfers either, though existing domains can be renewed.

The switch-off happened at the end of last month, a NameCheap representative said.

That’s just one month after the registrar celebrated its one millionth .xyz registration, which XYZ.com commemorated with a blog post bigging up NameCheap’s user-customers.

The move is peculiar indeed. NameCheap is the third highest-volume .xyz registrar, behind West.cn and Uniregistry, responsible for about 15% of .xyz’s domains under management.

It’s also NameCheap’s biggest direct-selling gTLD by a considerable margin.

NameCheap is well-known as primarily an eNom reseller — it accounts for 28% of eNom’s domains under management and 18% of its revenue, largely from .com sales.

But with new gTLDs it has started selling domains on its own IANA ticker, meaning a direct connection to the registry and more gross profit for itself.

According to June’s registry reports, the million .xyz names accounted for roughly two thirds of NameCheap’s total DUM (not counting names sold via eNom).

The closest rival in its portfolio is .online, which provided the registrar with about 81,000 DUM.

The registrar added about 350,000 .xyz domains in June, a month in which it briefly offered them at $0.02 each.

At that time, the company reported technical issues that led to a 12-24 hour backlog of registrations to process, though its blog post announcing the problem appears to have since been deleted.

NameCheap has declined to comment on the reason for the surprise move, and XYZ did not immediately respond to a request for comment.

The fact that all of XYZ.com’s TLDs have been cut off suggests some kind of dispute between the two companies, but the fact that renewals can still be processed would suggest that NameCheap has not lost its .xyz accreditation.

More info if I get it…

.xyz tops 5 million domains as penny deals continue

XYZ.com became the first new gTLD operator to top five million domains in a single TLD last night, when .xyz added almost 1.5 million names.

According to our parse of today’s zone file, .xyz has 5,096,589 names, up 1,451,763 on yesterday’s 3,644,826.

On Monday, the number was just under 2.8 million.

The massive spike came after what was supposed to be the final day of a three-day discounting blitz, as registrars sold the names for $0.02, $0.01 or even nothing.

Uniregistry, which sold for a penny, seems to have claimed the lion’s share of the regs.

The company supplied DI with data showing it had processed over 1.16 million registrations on June 2, about 90% of which CEO Frank Schilling said were .xyz sales.

At its peak, Uniregistry created 95,793 new domains in an hour, this data shows.

Judging by the numbers published on its home page, the registrar has pretty much doubled its domains under management overnight.

The rapid growth of .xyz is very probably not over.

Some registrars said they will carry on with the penny giveaways for an extra day.

At least one popular registrar, NameCheap, told irritated customers that the popularity of its $0.02 offer meant it had a backlog of registration requests that would take 12 to 24 hours to process. Those may not have shown up in the zone file yet.

In addition, .xyz prices are expected to be dirt cheap — just $0.18 at Uniregistry, for example — for the rest of the month, at least at the 50-odd registrars XYZ says are participating in its promotion.

Registrars selling .xyz names for pennies

XYZ.com’s campaign to keep its volumes high as .xyz approaches its second anniversary seems to have resulted in basically free registrations.

Uniregistry said yesterday that it has started selling .xyz domains for just $0.01, and NameCheap is offering them for $0.02.

The prices, which apply to first-year registrations, kicked in yesterday and expire at midnight June 3.

Over in China, Xin Net and West.cn are both pricing the domains at a relatively huge CNY 2 ($0.30).

I expect there are similar offers at other registrars too.

West.cn, the largest .xyz registrar, said last week that it is also subsidizing renewals for the month of June, bringing the cost down to $2.73.

The aforementioned registrars have big splashes announcing the offers on their home pages.

XYZ said Friday that it has put aside “several million dollars” to advertise its birthday on registrar storefronts and elsewhere.

Uniregistry said that from June 3 to June 30 the price will be just $0.18.

Uniregistry’s current .xyz volume is measured in the tens of thousands. It’s ranked just behind Go Daddy, which does not appear to be participating in this promotion, by .xyz domains under management.

.xyz went into general availability June 2, 2014.

Since August 2015, not long after its anniversary, deletes have been substantially outstripping renewals, but adds have been going nuts.

It has about 2.8 million domains in its zone file right now, two million of which have been added in the last 12 months.

Despite the anniversary hoopla this time around, there was not a big spike in .xyz registrations around its first birthday last year, when it added a fairly normal 50,000 or so domains.