Latest news of the domain name industry

Namecheap and others banning coronavirus domains

Kevin Murphy, March 26, 2020, Domain Registrars

Anyone wanting to buy a coronavirus-related domain for scamming purposes won’t be able to do it via Namecheap, which has preemptively banned keyword domains on its storefront.

For the last several days, the registrar has rejiggered its web site to prevent customers adding domains containing certain keywords — such as “coronavirus” or “covid” or “vaccine” — to their shopping carts.

The company said today that customers wishing to register such domains for legitimate purposes can continue to do so by calling up Namecheap customer service and having the name registered manually.

CEO Richard Kirkendall said in an email to customers that Namecheap is also “actively working with authorities to both proactively prevent, and take down, any fraudulent or abusive domains or websites related to COVID19”.

A GoDaddy spokesperson told DI this week that it has also taken down domains when alerted to their usage as coronavirus scams.

Meanwhile, .uk registry Nominet said that it has added keywords such as “coronavirus” and “covid” to its Domain Watch initiative, the same semi-automated system it uses to flag and suspend phishing and “rape” domains preemptively at point of registration. Nominet said:

Those that look suspicious — based on our algorithm and then a manual check — are suspended until we see evidence of good intentions from the registrants.

So far, we have suspended over 180 domains while we conduct this extra due diligence. A small proportion responded to our satisfaction and had their domain names reactivated. It’s highly likely that those who did not respond were intending to use their domains to manipulate a public in need of information.

Another domain company taking action is aftermarket site Dan.com, which today said on Twitter that it will remove all coronavirus related domains from its marketplace.

Namecheap is also offering some customers payment flexibility when it comes to some products — largely non-domain products such as hosting — if they can convince customer service reps of their coronavirus-related financial hardship.

“I urge you not to abuse this offer, please allow it to be used by those who need it most, who are otherwise unable to pay,” Kirkendall wrote.

Verisign, the .com registry, yesterday hinted that it will be offering its registrars some similar flexibility, which one assumes could be passed on to registrants.

US officials gunning for coronavirus domains

Kevin Murphy, March 24, 2020, Domain Registrars

US state and federal law enforcement are pursuing domain names being used to push bogus products and misinformation related to coronavirus Covid-19.

In separate actions, the US Department of Justice forced Namecheap to take down a scam site that was allegedly using fear of coronavirus to hoodwink visitors out of their cash, while the New York Attorney General has written to registrars to demand they take action against similar domains.

The DoJ filed suit (pdf) against the anonymous “John Doe” registrant of coronavirusmedicalkit.com on Saturday and on Sunday obtained a temporary restraining order obliging Namecheap to remove the DNS from the domain and lock it down, which Namecheap seems to have done.

Namecheap is not named as a defendant, but the complaint notes that the DoJ had requested the domain be taken down on March 19 and no action had been taken by the evening of March 21.

The web site in question allegedly informed visitors that the World Health Organization was giving away free coronavirus vaccines to anyone prepared to pay a $4.95 shipping fee by handing over their credit card details.

This is an identity theft scam and wire fraud, the complaint says.

Meanwhile, NYAG Letitia James has sent letters, signed by IT chief Kim Berger, to several large US registrar groups — including GoDaddy, Dynadot, Name.com, Namecheap, Register.com, and Endurance — to ask them to “stop the registration and use of internet domain names by individuals trying to unlawfully and fraudulently profit off consumers’ fears around the coronavirus disease”.

In the letter to GoDaddy (pdf), Berger asks for a “dialogue” on the following preventative measures:

  • The use of automated and human review of domain name registration and traffic patterns to identify fraud;
  • Human review of complaints from the public and law enforcement about fraudulent or illegal use of coronavirus domains, including creating special channels for such complaints;
  • Revising your terms of service to reserve aggressive enforcement for the illegal use of coronavirus domains; and
  • De-registration of the domains cited in the articles identified above that were registered at GoDaddy, and any holds in place on registering new domains related to coronavirus, or similar blockers that prevent rapid registration of coronavirus-related domains.

In other words: try to stop these domains being registered, and take them down if they are.

No specific malicious sites are listed in the letter. Rather, Berger cites a study by Check Point Software that estimates that something like 3% of the more than 4,000 coronavirus-related domains registered between January and March 5 are “malicious” in nature.

Facebook WILL sue more registrars for cybersquatting

Kevin Murphy, March 13, 2020, Domain Registrars

Facebook has already sued two domain name registrars for alleged cybersquatting and said yesterday that it will sue again.

Last week, Namecheap became the second registrar in Facebook’s legal crosshairs, sued in its native Arizona after allegedly failing to take down or reveal contact info for 45 domains that very much seem to infringe on its Facebook, Instagram and WhatsApp trademarks.

In the complaint (pdf), which also names Namecheap’s Panama-based proxy service Whoisguard as a defendant, the social media juggernaut claims that Whoisguard and therefore Namecheap is the legal registrant for dozens of clear-cut cases of cybersquatting including facebo0k-login.com, facebok-securty.com, facebokloginpage.site and facebooksupport.email.

In a brief statement, Facebook said these domains “aim to deceive people by pretending to be affiliated with Facebook apps” and “can trick people into believing they are legitimate and are often used for phishing, fraud and scams”.

Namecheap was asked to reveal the true registrants behind these Whoisguard domains between October 2018 and February 2020 but declined to do so, according to Facebook.

The complaint is very similar to one filed against OnlineNIC (pdf) in October.

And, according to Margie Milam, IP enforcement and DNS policy lead at Facebook, it won’t be the last such lawsuit.

Speaking at the second public forum at ICANN 67 yesterday, she said:

This is the second in a series of lawsuits Facebook will file to protect people from the harm caused by DNS abuse… While Facebook will continue to file lawsuits to protect people from harm, lawsuits are not the answer. Our preference is instead to have ICANN enforce and fully implement new policies, such as the proxy policy, and establish better rules for Whois.

Make no mistake, this is an open threat to fence-sitting registrars to either play ball with Facebook’s regular, often voluminous requests for private Whois data, or get taken to court. All the major registrars will have heard her comments.

Namecheap responded to its lawsuit by characterizing it as “just another attack on privacy and due process in order to strong-arm companies that have services like WhoisGuard”, according to a statement from CEO Richard Kirkendall.

The registrar has not yet had time to file its formal reply to the legal complaint, but its position appears to be that the domains in question were investigated, found to not be engaging in nefarious activity, and were therefore vanilla cases of trademark infringement best dealt with using the UDRP anti-cybersquatting process. Kirkendall said:

We actively remove any evidence-based abuse of our services on a daily basis. Where there is no clear evidence of abuse, or when it is purely a trademark claim, Namecheap will direct complainants, such as Facebook, to follow industry-standard protocol. Outside of said protocol, a legal court order is always required to provide private user information.

UDRP complaints usually take several weeks to process, which is not much of a tool to be used against phishing attacks, which emerge quickly and usually wind down in a matter of a few days.

Facebook’s legal campaign comes in the context of an ongoing fight about access to Whois data. The company has been complaining about registrars failing to hand over customer data ever since Europe’s GDPR privacy regulation came into effect, closely followed by a new, temporary ICANN Whois policy, in May 2018.

Back then, its requests showed clear signs of over-reach, though the company claims to have scaled back its requests in the meantime.

The lawsuits also come in the context of renewed attacks at ICANN 67 on ICANN and the domain industry for failing to tackle so-called “DNS abuse”, which I will get to in a follow-up article.

Four big developments in the .org pricing scandal

Kevin Murphy, November 26, 2019, Domain Registries

The renewal of Public Interest Registry’s .org contract and its subsequent acquisition by Ethos Capital is the gift that keeps on giving in terms of newsworthy developments, so I thought I’d bundle up the most important into a single article.

First, ICANN has thrown out the appeal filed by Namecheap and provided a (kinda) explanation of how the recent contract renewal came about.

The board of directors voted to reject Namecheap’s Request for Reconsideration on Thursday, as I reported last week, but the decision was not published until last night.

Namecheap had demanded ICANN reverse its decision to remove the 10%-a-year cap on price increases previously in the .org contract, enabling PIR to unilaterally raise its prices by however much it wants.

It said that ICANN had “ignored” the more than 3,000 people and organizations that had submitted comments opposing the lifting of caps.

But the board said:

ICANN org’s Core Values do not require it to accede to each request or demand made in public comments or otherwise asserted through ICANN’s various communication channels. ICANN org ultimately determined that ICANN’s Mission was best served by replacing price caps in the .ORG/.INFO Renewed RAs with other pricing protections to promote competition in the registration of domain names, afford the same “protections to existing registrants” that are afforded to registrants of other TLDs, and treat registry operators equitably.

The board also decided to describe, in a roundabout kinda way, how it conducts renewal talks with pre-2012 legacy gTLDs, explaining that ICANN “prefers” to move these registries to the 2012 contract, but that it cannot force them over. The resolution states:

All registry agreements include a presumptive right of renewal clause. This clause provides a registry operator the right to renew the agreement at its expiration provided the registry operator is in good standing (e.g., the registry operator does not have any uncured breaches), and subject to the terms of their presumptive renewal clauses.

In the course of engaging with a legacy registry operator on renewing its agreement, ICANN org prefers to and proposes that the registry operator adopts the new form of registry agreement that is used by new gTLDs as the starting point for the negotiations. This new form includes several enhancements that benefit the domain name ecosystem such as better safeguards in dealing with domain name infrastructure abuse, emergency backend support, as well as adoption of new bilaterally negotiated provisions that ICANN org and the gTLD Registries Stakeholder Group conduct from time to time for updates to the form agreement, and adoption of new services (e.g., RDAP) and procedures.

Although ICANN org proposes the new form of registry agreement as a starting place for the renewal, because of the registry operator’s presumptive right of renewal ICANN org is not in a position to mandate the new form as a condition of renewal. If a registry operator states a strong preference for maintaining its existing legacy agreement form, ICANN org would accommodate such a position, and has done so in at least one such instance.

I believe the gTLD referred to in the last sentence is Verisign’s .net, which renewed in 2017 without substantially transitioning to the 2012-round contract.

On the acquisition, the board notes:

the Board acknowledges (and the Requestor points out in its Rebuttal) the recently announced acquisition of PIR, the current .ORG registry operator, and the results of that transaction is something that ICANN organization will be evaluating as part of its normal process in such circumstances.

That appears to be a nod to the fact that ICANN has the power to reject changes of control under exceptional circumstances, per the .org contract.

Despite the wholly predictable rejection of Namecheap’s RfR, appeals against the contract’s new terms may not be over.

For some reason I have yet to ascertain, the very similar RfR filed around the same time by the Electronic Frontier Foundation was not considered, despite being on the agenda for last Thursday’s board meeting.

Additionally, I hear Namecheap has applied for Cooperative Engagement Process status, meaning it is contemplating filing an Independent Review Process appeal.

Second, Ethos Capital, PIR’s new owner, launched a web site in which it attempts to calm many of the concerns, criticisms and conspiracy theories leveled its way since the acquisition was announced.

Found at keypointsabout.org, the site tries to clarify the timing and motivation of the deal.

On timing, Ethos says:

Ethos Capital first approached the Internet Society in September 2019, well after PIR’s contract renewal with ICANN had finished… PIR was not for sale at the time the price caps were lifted on .ORG. The removal of .ORG’s price restrictions earlier this year was not unique to .ORG and was in no way motivated by a desire to sell PIR.

The .org contract was signed at the end of July, so while Ethos may well have been lusting after PIR before the renewal, it apparently did not run towards it with its trousers around its ankles until at least a month later.

On its pricing intentions, Ethos says:

The current price of a .ORG domain name is approximately $10 per year. Our plan is to live within the spirit of historic practice when it comes to pricing, which means, potentially, annual price increases of up to 10 percent on average — which today would equate to approximately $1 per year.

This sounds rather specific, but it’s vague enough to give PIR leeway to, say, introduce a 100% increase immediately and then freeze prices until it averages out at 10% per year. I don’t think the company will do something so extreme, but it would technically be possible the way it’s described here.

On the connections to Abry Partners and former ICANN CEO Fadi Chehade, Ethos says that while founder and CEO Erik Brooks is a 20-year veteran of Abry (which also owns Donuts) “Abry Partners is not involved in this transaction.”

It adds, however, that Chehade’s company, Chehade & Company, where Ethos chief purpose officer Nora Abusitta-Ouri has worked “is an adviser to Ethos”.

What this means, at the very least, is that the new owner of .org allowed an outside contractor to register the domain matching its name in the very gTLD it runs, which most domain veterans will recognize as a rookie mistake.

Ethos goes on to list VidMob Inc, Whistle Sports Inc, Adhark Inc and LiquidX Inc as other companies Ethos has invested in, perhaps rubbishing the hypothesis (which I, admittedly, have publicly floated) that Ethos was a vehicle created by Abry purely to buy up PIR.

Third, Ethos may be funded by “billionaire Republicans”.

.eco registry founder Jacob Malthouse, who’s trying to rouse up support for the #SaveDotOrg campaign, dug up an email apparently sent by ISOC CEO Andrew Sullivan to a members mailing list in the wake of the acquisition announcement, which names some of the backers of the deal.

They are: Perot Holdings, FMR LLC and Solamere Capital.

What they have in common is that they’re all — at least according to Malthouse’s since-amended original post — founded/owned/affiliated with prominent billionaire US Republicans. I’m not sure I’d fully agree with that characterization.

Perot was founded by Ross Perot, who stood for US president as an independent a few times but spent the last couple of decades of his life (which ended in July) as a Republican. I’d say his political affiliation died with him.

FMR, or Fidelity Investments, is run by Abigail Johnson, who inherited the role from her father and grandfather. While she’s made donations to Republicans including local senator, Mitt Romney, she also gave Hillary Clinton a tonne of cash to support her 2016 presidential election run, so I’m not sure I’d necessarily characterize her as die-hard GOP.

Romney himself was involved in the founding of Solamere Capital, the third apparent Ethos investor, but according to its web site he stepped down at the start of this year, long before Ethos was even founded, in order to re-join the US Senate.

I’m not sure what the big deal about these connections is anyway, unless you’re of the (often not unreasonable) belief that you don’t get to be a billionaire Republican without being just a little bit Evil.

Fourth, a bunch of non-profits are campaigning to get the deal scrapped.

The #SaveDotOrg campaign now has its matching .org address and web site, savedotorg.org.

It appears to have been set up by the EFF, but its supporters also include the non-profits American Alliance of Museums, American Society of Association Executives, Aspiration, Association of Junior Leagues International, Inc., Creative Commons, Crisis Text Line, Demand Progress Education Fund, DoSomething.org, European Climate Foundation, Free Software Foundation, Girl Scouts of the USA, Independent Sector, Internet Archive, Meals on Wheels America, National Council of Nonprofits, National Human Services Assembly, NTEN, Palante Technology Cooperative, Public Knowledge, R Street Institute, TechSoup, VolunteerMatch, Volunteers of America, Wikimedia Foundation, YMCA of the USA and YWCA USA.

The letter (pdf) states:

Non-governmental organizations all over the world rely on the .ORG top-level domain. Decisions affecting .ORG must be made with the consultation of the NGO community, overseen by a trusted community leader. If the Internet Society (ISOC) can no longer be that leader, it should work with the NGO community and the Internet Corporation for Assigned Names and Numbers (ICANN) to find an appropriate replacement.

It claims that the new .org contract gives PIR powers to “do significant harm” to non-profits, should they be abused.

The campaign has had a little traction on social media and so far has over 8,000 signatures.

ICANN board meets to consider PIR acquisition TODAY

Kevin Murphy, November 21, 2019, Domain Policy

ICANN’s board of directors will gather today to consider whether the acquisition of Public Interest Registry by a private equity company means that it should reverse its own decision to allow PIR to raise .org prices arbitrarily.

Don’t get too excited. It looks like it’s largely a process formality that won’t lead to any big reversals, at least in the short term.

But I’ve also learned that the controversy could ultimately be heading to an Independent Review Process case, the final form of appeal under ICANN rules.

The board is due to meet today with just two named agenda items: Reconsideration Request 19-2 and Reconsideration Request 19-3.

Those are the appeals filed by the registrar Namecheap in July and rights group the Electronic Frontier Foundation in August.

Namecheap and EFF respectively wanted ICANN to reverse its decisions to remove PIR’s 10%-a-year price-raising caps and to oblige the registry to enforce the Uniform Rapid Suspension anti-cybersquatting policy.

Both parties now claim that the sale by the Internet Society of PIR to private equity firm Ethos Capital, announced last week, casts new light on the .org contract renewal.

The deal means PIR will change from being a non-profit to being a commercial venture, though PIR says it will stick to its founding principles of supporting the non-profit community.

I reported a couple of weeks ago that the board had thrown out both RfRs, but it turns out that was not technically correct.

The full ICANN board did in fact consider both appeals, but it was doing so in only a “preliminary” fashion, according to an ICANN spokesperson. ICANN told me:

On 3 November the Board considered “proposed determinations” for both reconsideration request 19-2 and 19-3. In essence, the Board was taking up the Board Accountability Mechanism Committee (BAMC) role, as the BAMC had not been able to reach quorum in early November due to certain recusals by BAMC members.

Once the Board adopted the proposed determinations (in lieu of the BAMC issuing a recommendation to the Board) the parties that submitted the reconsideration requests had 15 days to submit a rebuttal, for the Board’s full consideration of the matter, which is now on the agenda.

Normally, RfRs are considered first by the four-person BAMC, but in this case three of the members — Sarah Deutsch, Nigel Roberts, and Becky Burr — recused themselves out of the fear of appearing to present conflicts of interest.

The committee obviously failed to hit a quorum, so the full board took over its remit to give the RfRs their first pass.

The board decided that there had been no oversights or wrongdoing. Reconsideration always presents a high bar for requestors. The .org contract was negotiated, commented on, approved, and signed completely in compliance with ICANN’s governing rules, the board decided.

But the ICANN bylaws allow for a 15-day period following a BAMC recommendation during which rejected RfR appellants can submit a rebuttal.

And, guess what, both of them did just that, and both rebuttals raise the PIR acquisition as a key reason ICANN should think again about the .org contract changes.

The acquisition was announced a week ago, and it appears to have come as much of a surprise to ICANN as to everyone else. It’s a new fact that the ICANN board has not previously taken into account when considering the two RfRs, which could prove important.

Namecheap reckons that the deal means that PIR is now almost certain to raise .org prices. New gTLD registry Donuts was bought by Ethos affiliate Abry Partners last year, and this year set about raising prices across the large majority of its 200-odd gTLDs. Namecheap wrote in its rebuttal:

Within months of being acquired by Abry Partners, it raised prices in 2019 for 220 out of its 241 TLDs. Any statements by PIR now to not raise prices unreasonably are just words, and without price caps, there is no way that .org registrants are not used as a source to generate revenue for acquisitions or to pay dividends to its shareholders.

It also said:

The timing and the nature of this entire process is suspicious, and in a well-regulated industry, would draw significant scrutiny from regulators. For ICANN not to scrutinize this transaction closely in a completely transparent and accountable fashion (including public disclosure of pertinent information regarding the nature, cost, the terms of any debt associated with the acquisition, timeline of all parties involved, and the principals involved) would demonstrate that ICANN org and the ICANN Board do not function as a trusted or reliable internet steward.

Namecheap also takes issue with the fact that ICANN’s ruling on its RfR (pdf) draws heavily on a 2009 economic analysis by Professor Dennis Carlton, which concluded that price caps were unnecessary in the new gTLD program.

The registrar trashes this analysis as being based on more opinion than fact, and says it is based on outdated market data.

Meanwhile, the EFF’s rebuttal makes the acquisition one of four reasons why it thinks ICANN should reverse course. It said:

ICANN must carefully reexamine the .ORG Registry Agreement in light of this news. Without the oversight and participation of the nonprofit community, measures that give the registry authority to institute new [Rights Protection Mechanisms] or make other major policy changes invite management decisions that conflict with the needs of the .ORG community.

Quite often, RfRs are declined by ICANN because the requestor does not present any new information that the board has not already considered. But in this case, the fact of the PIR acquisition is empirically new information, as it’s only week-old news.

Will this help Namecheap and the EFF with their cause? The board will certainly have to consider this new information, but I still think it’s unlikely that it will change its mind.

But I’ve also learned that Namecheap has filed with ICANN to trigger a Cooperative Engagement Process procedure.

The CEP is an often-lengthy bilateral process where ICANN and an aggrieved party attempt to resolve their differences in closed-door talks.

When CEP fails, it often leads to an Independent Review Process complaint, when both sides lawyer up and three retired judges are roped in to adjudicate. These typically cost both sides hundreds of thousands of dollars in legal fees.

CEP and IRP cases are usually measured in years rather than months, so the PIR acquisition could be under scrutiny for a long time to come.

.org price cap complaints more like “spam” says Ombudsman

Kevin Murphy, September 11, 2019, Domain Policy

ICANN’s Ombudsman has sided with ICANN in the fight over the lifting of price caps on .org domains, saying many of the thousands of comments objecting to the move were “more akin to spam”.

Herb Waye was weighing in on two Requests for Reconsideration, filed by Namecheap and the Electronic Frontier Foundation in July and August after ICANN and Public Interest Registry signed their controversial new registry agreement.

Namecheap wants ICANN to reverse its decision to allow PIR to raise .org prices by however much it chooses, while the EFF complained primarily about the fact that the Uniform Rapid Suspension anti-cybersquatting measure now appears in the contract.

In both cases, the requestors fumed that ICANN seemed to “ignore” the more than 3,200 comments that were filed in objection back in April, with Namecheap calling the public comment process a “sham”.

But Waye pointed to the fact that many of these comments were filed by people using a semi-automated web form hosted by the pro-domainer Internet Commerce Association.

As far as comments go for ICANN, 3200+ appears to be quite a sizeable number. But, seeing as how the public comments can be filled out and submitted electronically, it is not unexpected that many of the comments are, in actuality, more akin to spam.

With this eyebrow-raising comparison fresh in my mind, I had to giggle when, a few pages later, Waye writes (emphasis in original):

I am charged with being the eyes and ears of the Community. I must look at the matter through the lens of what the Requestor is asking and calling out. The Ombuds is charged with being the watchful eyes of the ICANN Community. The Ombuds is also charged with being the alert “ears” of the Community — with listening — with making individuals, whether Requestors or complainants or those just dropping by for an informal chat, feel heard.

Waye goes on to state that the ICANN board of directors was kept well-briefed on the status of the contract negotiations and that it had been provided with ICANN staff’s summary of the public comments.

He says that allowing ICANN’s CEO to execute the contract without a formal board vote did not go against ICANN rules (which Waye says he has “an admittedly layman’s understanding” of) because contractual matters are always delegated to senior staff.

In short, he sees no reason for ICANN to accept either Request for Reconsideration.

The Ombudsman is not the decision-maker here — the two RfRs will be ~~thrown out~~ considered by ICANN’s Board Accountability Mechanisms Committee at its next meeting, before going to the full board.

But I think we’ve got a pretty good indication here of which way the wind is blowing.

You can access the RfR materials and Waye’s responses here.

Namecheap’s Move Your Domain Day actually works

Namecheap appears to have done a year’s worth of transfers in a single day, on its annual Move Your Domain Day promotion.

The company said this week that the promotion, which ran on March 6 this year, saw 20,590 domains transferred in from other registrars.

That’s pretty good compared to its usual transfer activity.

Registry report data shows that Namecheap usually gets 1,000 to 1,500 inbound transfers per month, across all gTLDs.

Move Your Domain Day was originally set up to capitalize on protests over GoDaddy’s support for the Stop Online Piracy Act in late 2011.

That year, when it benefited from greater publicity, the company said it saw over 40,000 transfers.

During the promotion, Namecheap discounts transfers and donates $1.50 per domain to the Electronic Frontier Foundation.

This year, the EFF will be getting a check for $30,885.

Namecheap said earlier in the week that it was having problems processing inbounds from GoDaddy, which it claimed was throttling automated Whois queries, but said it would process the transfers regardless.

Namecheap accuses GoDaddy of delaying transfers

GoDaddy broke ICANN rules and US competition law by delaying outbound domain transfers yesterday, and not for the first time, according to angry rival Namecheap.

March 6 was Namecheap’s annual Move Your Domain Day, a promotion under which it donates $1.50 to the Electronic Frontier Foundation for every inbound transfer from another registrar.

It’s a tradition the company opportunistically started back in 2011 specifically targeting GoDaddy’s support, later retracted, for the controversial Stop Online Piracy Act, SOPA.

But yesterday GoDaddy was delivering “incomplete Whois information”, which interrupted the automated transfer process and forced Namecheap to resort to manual verification, delaying transfers, Namecheap claims.

“First and foremost this practice is against ICANN rules and regulations. Secondly, we believe it violates ‘unfair competition’ laws,” the company said in a blog post.

Whois verification is a vital part of the transfer process, which is governed by ICANN’s binding Inter-Registrar Transfer Policy.

GoDaddy changed its Whois practices in January. As an anti-spam measure, it no longer publishes contact information, including email addresses vital to the transfer process, when records are accessed automatically over port 43.

However, GoDaddy VP James Bladel told us in January that this was not supposed to affect competing registrars, which have their IP addresses white-listed for port 43 access via a system coordinated by ICANN.

Did GoDaddy balls up its new restrictive Whois practices? Or can the blame be shared?

Namecheap also ran into problems with GoDaddy throttling port 43 on its first Move Your Domain Day in 2011, but DI published screenshots back then suggesting that the company had failed to white-list its IP addresses with ICANN.

This time, the company insists the white-list was not an issue, writing:

As many customers have recently complained of transfer issues, we suspect that GoDaddy is thwarting/throttling efforts to transfer domains away from them. Whether automated or not, this is unacceptable. In preparation for today, we had previously whitelisted IPs with GoDaddy so there would be no excuse for this poor business practice.

Namecheap concluded by saying that all transfers that have been initiated will eventually go through. It also asked affected would-be customers to complain to GoDaddy.

The number of transfers executed on Move Your Domain Day over the last several years appears to be well into six figures, probably amounting to seven figures of annual revenue.

SpamHaus ranks most-botted TLDs and registrars

Kevin Murphy, January 9, 2018, Domain Registrars

Namecheap and Uniregistry have emerged as two of the most-abused domain name companies, based on statistics on botnet command and control centers released by SpamHaus this week.

SpamHaus data shows that over a quarter of all botnet C&Cs found during the year were using Namecheap as their registrar.

It also shows that almost 1% of domains registered in Uniregistry’s .click are used as C&Cs.

The spam-fighting outfit said it discovered “almost 50,000” domains in 2017 that were registered for the purpose of controlling botnets.

Comparable data for 2016 was not published a year ago, but if you go back a few years, SpamHaus reported that there were just 3,793 such domains in 2014.

Neither number includes compromised domains or free subdomains.

The TLD with the most botnet abuse was of course .com, with 14,218 domains used as C&C servers. It was followed by Directi’s .pw (8,587) and Afilias’ .info (3,707).

When taking into account the relative size of the TLDs, SpamHaus fingered Russian ccTLD .ru as the “most heavily abused” TLD, but its numbers don’t ring true to me.

With 1,370 botnet controllers and about five and a half million domains, .ru’s share of abused domains would be around 0.03%.

But if you look at .click, with 1,256 botnet C&Cs and 131,000 domains (as of September), that number is very close to 1%. When it comes to botnets, that’s a high number.

In fact, using SpamHaus numbers and September registry reports of total domains under management, it seems that .work, .space, .website, .top, .pro, .biz, .info, .xyz, .bid and .online all have higher levels of botnet abuse than .ru, though in absolute numbers some have fewer abused domains.

In terms of registrars, Namecheap was the runaway loser, with a whopping 11,878 domains used to control botnets.

While SpamHaus acknowledges that the size of the registrar has a bearing on abuse levels, it’s worth noting that GoDaddy — by far the biggest registrar, but well-staffed with over-zealous abuse guys — does not even feature on the top 20 list here.

SpamHaus wrote:

While the total numbers of botnet domains at the registrar might appear large, the registrar does not necessarily support cybercriminals. Registrars simply can’t detect all fraudulent registrations or registrations of domains for criminal use before those domains go live. The “life span” of criminal domains on legitimate, well-run, registrars tends to be quite short.

However, other much smaller registrars that you might never have heard of (like Shinjiru or WebNic) appear on this same list. Several of these registrars have an extremely high proportion of cybercrime domains registered through them. Like ISPs with high numbers of botnet controllers, these registrars usually have no or limited abuse staff, poor abuse detection processes, and some either do not or cannot accept takedown requests except by a legal order from the local government or a local court.

The SpamHaus report, which you can read here, concludes with a call for registries and registrars to take more action to shut down repeat offenders, saying it is “embarrassing” that some registrars allow perpetrators to register domains for abuse over and over and over again.

Namecheap to bring millions of domains in-house next week

Kevin Murphy, January 5, 2018, Domain Registrars

Namecheap is finally bringing its customer base over to its own ICANN accreditation.

The registrar will next week accept transfer of an estimated 3.2 million .com and .net domains from Enom, following a court ruling forcing Enom owner Tucows to let go of the names.

The migration will happen from January 8 to January 12, Namecheap said in a blog post today.

Namecheap is one of the largest registrars in the industry, but historically it mostly acted as an Enom reseller. Every domain it sold showed up in official reports as an Enom sale.

While it’s been using its own ICANN accreditation to sell gTLD names since around 2015 — and has around four million names on its own credentials — it still had a substantial portion of its customer base on the Enom ticker.

After the two companies’ arrangement came to an end, and Enom was acquired by Tucows, Namecheap decided to also consolidate its .com/.net names under its own accreditation.

After Tucows balked at a bulk transfer, Namecheap sued, and a court ruled in December that Tucows must consent to the transfer.

Now, Namecheap says all .com and .net names registered before January 2017 or transferred in before November 2017 will be migrated.

There may be some downtime as the transition goes through, the company warned.