Latest news of the domain name industry

Recent Posts

What happened to ICANN’s .net millions?

Questions have been raised about how ICANN accounts for the millions of dollars it receives in fees from .net domain name registrations.

The current .net registry agreement between ICANN and VeriSign was signed in June 2005. It’s currently up for renewal.

Both the 2005 and 2011 versions of the deal call for VeriSign to pay ICANN $0.75 for every .net registration, renewal and transfer.

Unlike .com and other TLDs, the .net contract specifies three special uses for these fees (with my emphasis):

ICANN intends to apply this fee to purposes including:

(a) a special restricted fund for developing country Internet communities to enable further participation in the ICANN mission by developing country stakeholders,

(b) a special restricted fund to enhance and facilitate the security and stability of the DNS, and

(c) general operating funds to support ICANN’s mission to ensure the stable and secure operation of the DNS.

However, almost six years after the agreement was executed, it seems that these two “special restricted funds” have never actually been created.

ICANN’s senior vice president of stakeholder relations Kurt Pritz said:

To set up distinctive organizations or accounting schemes to track this would have been expensive, complex and would have served no real value. Rather — it was intended that the ICANN budget always include spending on these important areas — which it clearly does.

He said that ICANN has spent money on, for example, its Fellowships Program, which pays to fly in delegates from developing nations to its thrice-yearly policy meetings.

He added that ICANN has also paid out for security-related projects such as “signing the root zone and implementing DNSSEC, participating in cross-industry security exercises, growing the SSR organization, conducting studies for new gTLDs”.

These initiatives combined tally up to an expenditure “in excess of the amounts received” from .net, he said.

It seems that while ICANN has in fact been spending plenty of cash on the projects called for by these “special restricted funds”, the money has not been accounted for in that way.

Interestingly, when the .net contract was signed in 2005, ICANN seemed to anticipate that the developing world fund would not be used to pay for internal ICANN activities.

ICANN’s 2005-2006 budget, which was approved a month after the .net deal, reads, with my emphasis:

A portion of the fees paid by the operator of the .NET registry will become part of a special restricted fund for developing country Internet communities to enable further participation in the ICANN mission by developing country stakeholders. These monies are intended to fund outside entities as opposed to ICANN staff efforts.

That budget allocated $1.1 million to this “Developing Country Internet Community Project”, but the line item had disappeared by time the following year’s budget was prepared.

Phil Corwin from the Internet Commerce Association estimates that the $0.75 fees added up to $6.8 million in 2010 alone, and he’s wondering how the money was spent.

“We believe that ICANN should disclose to the community through a transparent accounting exactly how these restricted funds have actually been utilized in the past several years,” Corwin wrote.

He points out that the contract seems to clearly separate the two special projects from “general operating funds”, which strongly suggests they would be accounted for separately.

Given that .net fees have been lumped in with general working capital for the last six years, it seems strange that the current proposed .net registry agreement still calls for the two special restricted funds.

The oddity has come to the attention of the ICA and others recently because the new proposed .net contract would allow VeriSign for the first time to offer differential pricing to registrars in the developing world.

The agreement allows VeriSign to “provide training, technical support, marketing or incentive programs based on the unique needs of registrars located in such geographies to such registrars”, and specifically waives pricing controls for such programs.

It seems probable that this amendment was made possible due to the .net contract’s existing references to developing world projects.

Corwin said ICA has nothing against such programs, but is wary that existing .net registrants may wind up subsidizing registrants in the developing world.

ICANN gets Boing-Boinged over URS

Boing-Boing editor Cory Doctorow caused a storm in a teacup yesterday, after he urged his legions of readers to complain to ICANN about copyright-based domain name seizures and the abolition of Whois privacy services in .net.

Neither change has actually been proposed.

The vast majority of the comments filed on VeriSign’s .net contract renewal now appear to have been sent by Boing-Boing readers, echoing Doctorow’s concerns.

Doctorow wrote: “Among the IPC’s demands are that .NET domains should be subject to suspension on copyright complaints and that anonymous or privacy-shielded .NET domains should be abolished.”

Neither assertion is accurate.

Nobody has proposed abolishing Whois privacy services. Nobody has proposed allowing VeriSign to seize domain names due to copyright infringement complaints.

What has happened is that ICANN’s Intellectual Property Constituency has asked ICANN to make the Uniform Rapid Suspension policy part of VeriSign’s .net contract.

URS is a variation of the long-standing UDRP cybersquatting complaints procedure.

It was created for the ICANN new gTLD Program and is intended to be cheaper and quicker for trademark holders than UDRP, designed to handle clear-cut cases.

While the URS, unlike UDRP, has a number of safeguards against abusive complaints – including an appeals mechanism and penalties for repeat reverse-hijacking trolls.

But the domainer community is against its introduction in .net because it has not yet been finalized – it could still be changed radically before ICANN approves it – and it is currently completely untested.

The IPC also asked ICANN and VeriSign to transition .net to a “thick” Whois, whereby all Whois data is stored at the registry rather than with individual registrars, and to create mechanisms for anybody to report fake Whois data to registrars.

Not even the IPC wants Whois privacy services abolished – chair Steve Metalitz noted during the Congressional hearing on new gTLDs last week that such services do often have legitimate uses.

VeriSign to offer different prices to different registrars?

Kevin Murphy, April 12, 2011, Domain Registries

VeriSign may be able to offer differential pricing for .net domain names under the just-published draft .net registry contract.

The current .net agreement expires at the end of June, but VeriSign has a presumptive right of renewal.

The newly negotiated contract has a new “Special Programs” clause would enable VeriSign to offer pricing incentives to registrars in “underserved geographies” not available to other registrars.

Here’s the meat of the paragraph:

Registry Operator may for the purpose of supporting the development of the Internet in underserved geographies provide training, technical support, marketing or incentive programs based on the unique needs of registrars located in such geographies to such registrars, so long as Registry Operator does not treat similarly situated registrars differently or apply such programs arbitrarily. Registry Operator may implement such programs with respect to registrars within a specific geographic region, provided, that (i) such region is defined broadly enough to allow multiple registrars to participate and (ii) such programs do not favor any registrar in which Registry Operator may have an ownership interest over other similarly situated registrars within the same region.

Later, the part of the contract that limits VeriSign’s registry fee and requires uniform pricing among all registrars has been amended to specifically exclude these special programs.

The contract does seem to envisage differential registrar pricing, within certain geographic parameters, perhaps enabling VeriSign to stimulate growth in low-penetration markets.

It’s probably too early to speculate, given that we don’t know what incentives VeriSign has in mind, but it’s not difficult to imagine a scenario where particularly attractive pricing could cause a bunch of shell companies to emerge in, say, Africa or Asia.

For now, the provision would only apply to .net domains, but VeriSign has been known to use .com as a venue for dry runs of services it wants to offer in .com. The .com contract is up for renewal next year.

The proposed .net contract (pdf) contains a number of other changes (pdf), some of which mirror language found in other registry contracts, some of which are new.

There’s a provision for VeriSign to be able to “prevent” the registration of certain names, such as those that would have led to the Conficker worm spreading, in order to protect the security of the internet.

Some of the things that have not changed are also quite interesting.

With ICANN’s recent “vertical integration” decision, which will allow registries and registrars to own each other, you’d think the .net contract renegotiation would be the perfect opportunity for VeriSign to signal its intentions to get into the registrar business, as Neustar already has.

But it has not. The contract contains the same prohibitions on cross ownership as the earlier version.

And as Domain Name Wire noted, the new contract would allow VeriSign to continue to increase its prices by 10% every year until 2017.

That could lead to a maximum of about $9 per domain per year, including ICANN fees, by the time the deal is next up for renewal, if VeriSign exercised the option every year.

There’s an ICANN public comment period, open until May 10.

VeriSign’s upcoming battle for the Chinese .com

Kevin Murphy, February 16, 2011, Domain Registries

Could VeriSign be about to face off against China for control of the Chinese version of .com? That’s an intriguing possibility that was raised during the .nxt conference last week.

Almost as an aside, auDA chief Chris Disspain mentioned during a session that he believes there are moves afoot in China to apply to ICANN for “company”, “network” and “organization” in Chinese characters. In other words, .com, .net and .org.

I’ve been unable to find an official announcement of any such Chinese application, but I’m reliably informed that Noises Have Been Made.

VeriSign has for several quarters been open about its plans to apply for IDN equivalents of its two flagship TLDs, and PIR’s new CEO Brian Cute recently told me he wants to do the same for .org.

While neither company has specified which scripts they’re looking at, Chinese is a no-brainer. As of this week, the nation is the world’s second-largest economy, and easily its most populous.

Since we’re already speculating, let’s speculate some more: who would win the Chinese .com under ICANN’s application rules, VeriSign or China?

If the two strings were close enough to wind up in a contention set, could VeriSign claim intellectual property rights, on the basis of its .com business? It seems like a stretch.

Could China leapfrog to the end of the process with a community application and a demand for a Community Priority Evaluation?

That also seems like a stretch. It’s not impossible – there’s arguably a “community” of companies registered with the Chinese government – but such a move would likely stink of gaming.

Is there a technical stability argument to be made? Is 公司. (which Google tells me means “company” in Chinese) confusingly similar to .com?

If these TLDs went to auction, one thing is certain: there are few potential applicants with deeper pockets than VeriSign, but China is one of them.

UPDATE: VeriSign’s Pat Kane was good enough to post a lengthy explanation of the company’s IDN strategy in the comments.

VeriSign launches free cloud domain security service

Kevin Murphy, December 2, 2010, Domain Tech

VeriSign is to offer registrars a hosted DNSSEC signing service that will be free for names in .com and the company’s other top-level domains.

The inventively named VeriSign DNSSEC Signing Service offloads the tasks associated with managing signed domains and is being offered for an “evaluation period” that runs until the end of 2011.

DNSSEC is an extension to DNS that allows domains to be cryptographically signed and validated. It was designed to prevent cache poisoning attacks such as the Kaminsky Bug.

It’s also quite complex, requiring ongoing secure key management and rollover, so I expect the VeriSign service, and competing services, will be quite popular among registrars reluctant to plough money into the technology.

While some gTLDs, including .org, and dozens of ccTLDs, are already DNSSEC-enabled, VeriSign doesn’t plan on bringing the technology online in .com and .net until early next year.

The ultimate industry plan is for all domain names to use DNSSEC before too many years.

One question I’ve never been entirely clear on was whether the added costs of implementing DNSSEC would translate into premium-priced services or price increases at the registrar checkout.

A VeriSign spokesperson told me:

The evaluation period is free for VeriSign-managed TLDs and other TLDs. After that period, the VeriSign-managed TLDs will remain free, but other TLDs will have $2 per zone annual fee.

In other words, registrars will not have to pay to sign their customers’ .com, .net, .tv etc domains, but they will have to pay if they choose to use the VeriSign service to sign domains in .biz, .info or any other TLD.