Latest news of the domain name industry

Recent Posts

Web.com got pwned

Kevin Murphy, November 4, 2019, Domain Registrars

Web.com, which owns top 20 registrars Network Solutions and Register.com, got itself and millions of its customers hacked a few months ago.

The company disclosed last week that malicious hackers broke into its network in late August, making off with customer account information.

The attack was not discovered until October 16.

The compromised data included “name, address, phone numbers, email address and information about the services that we offer to a given account holder”, Web.com said.

“We encrypt credit card numbers and no credit card data was compromised as a result of this incident,” it added.

Customers are being told to change their password next time they log in to their services.

It’s not clear how many registrants were affected. The NetSol accreditation has over seven million domains in the gTLDs alone, while Register.com has almost 1.8 million.

Web.com said it brought on a private security firm to investigate the attack, and informed US law enforcement.

Three-letter .com owned by hospital “hijacked”

Kevin Murphy, August 20, 2019, Domain Registrars

A California hospital has seen its three-letter .com domain reportedly hijacked and transferred to a registrar in China.

Sonoma Valley Hospital, a 75-bed facility north of San Francisco, was using svh.com as its primary domain until earlier this month, when it abruptly stopped working.

The Sonoma Index-Tribune reports that the domain was “maliciously acquired”, according to a hospital spokesperson.

It does not seem to be a case of a lapsed registration.

Historical Whois records archived by DomainTools show that svh.com, which had been registered with Network Solutions, had over a year left on its registration when it was transferred to BizCN in early August.

BizCN is based in China and has around 711,000 gTLD domains under management, having shrunk by about 300,000 names over the 12 months to April.

The Sonoma newspaper speculates that the domain may have been hijacked via a phishing attack. It’s not clear whether the hospital or NetSol, part of the Web.com group, was the target.

Three-letter .com names are highly prized, usually selling for tens of thousands of dollars.

Domain investors should obviously steer clear of svh.com, which will is probably already up for sale.

Not only is there a possibility of attracting unwelcome legal attention, but there’s also the moral implications of paying somebody who would steal from a hospital.

The hospital in question has now changed its name to sonomavalleyhospital.org. This transition, which includes migrating the email addresses of all of its staff, seems to have taken several days.

Anyone sending personal medical information to the old svh.com email addresses may find that information in the wrong hands.

Operation September Thrust leads to another million-domain Radix gTLD

Kevin Murphy, February 4, 2019, Domain Registries

Radix has become the first new gTLD portfolio registry to hit over one million domains in more than one TLD.

It said today that .site has crossed the seven-digit threshold, joining .online, which hit a million names in 2018.

It’s huge recent growth for .site, which had around 561,000 domains under management at the end of September.

Radix CEO Sandeep Ramchandani told DI today that the rapid uptick comes as a result of a marketing program internally code-named “September Thrust”.

This involved promotional pricing — Ramchandani said the cheapest a .site could have been obtained would be about $0.99 — and joint-marketing efforts with multiple registrars.

This mostly involved plugs on registrar home pages, email shots, and promotion in the “check availability” part of registrar storefronts, he said.

The latest transaction reports filed with ICANN show .site grew by about 120,000 DUM in October, with West.cn, NameCheap and Network Solutions (Web.com) the biggest beneficiaries.

NetSol’s .site DUM actually grew by about 10x in the month.

The $1 retail pricing was apparently available at some registrars prior to September, and continues to exist on storefronts today.

ICANN turns 20 today (or maybe not)

Kevin Murphy, September 18, 2018, Domain Policy

ICANN is expected to celebrate its 20th anniversary at its Barcelona meeting next month, but by some measures it has already had its birthday.

If you ask Wikipedia, it asserts that ICANN was “created” on September 18, 1998, 20 years ago today.

But that claim, which has been on Wikipedia since 2003, is unsourced and probably incorrect.

While it’s been repeated elsewhere online for the last 15 years, I’ve been unable to figure out why September 18 has any significance to ICANN’s formation.

I think it’s probably the wrong date.

It seems that September 16, 1998 was the day that IANA’s Jon Postel and Network Solutions jointly published the organization’s original bylaws and articles of incorporation, and first unveiled the name “ICANN”.

That’s according to my former colleague and spiritual predecessor Nick Patience (probably the most obsessive journalist following DNS politics in the pre-ICANN days), writing in now-defunct Computergram International on September 17, 1998.

The Computergram headline, helpfully for the purposes of the post you are reading, is “IANA & NSI PUBLISH PLAN FOR DNS ENTITY: ICANN IS BORN”.

Back then, before the invention of the paragraph and when ALL CAPS HEADLINES were considered acceptable, Computergram was published daily, so Patience undoubtedly wrote the story September 16, the same day the ICANN proposal was published.

A joint Postel/NetSol statement on the proposal was also published September 17.

The organization was not formally incorporated until September 30, which is probably a better candidate date for ICANN’s official birthday, archived records show.

Birthday meriments are expected to commence during ICANN 63, which runs from October 20 to 25. There’s probably free booze in it, for those on-site in Barcelona.

As an aside that amused me, the Computergram article notes that Jones Day lawyer Joe Sims very kindly provided Postel with his services during ICANN’s creation on a “pro bono basis”.

Jones Day has arguably been the biggest beneficiary of ICANN cash over the intervening two decades, billing over $8.7 million in fees in ICANN’s most recently reported tax year alone.

Wix.com obtains ICANN accreditation — bad news for Web.com?

Web site building tools provider Wix.com has got itself an ICANN accreditation, potentially bad news for current partner Web.com.

The Nasdaq-listed, Israel-based company popped up on the official registrar list in the last day or so with the IANA ID 3817.

That means it could before long start selling gTLD domains directly from the registries rather than going through its current business partner.

According to its domain services agreement and other online sources, Wix currently acts as a reseller for Network Solutions, a Web.com company.

Its retail prices are therefore, as you might expect, rather above the market average, pretty much in line with NetSol’s.

If it does choose to go solo, it could potentially pass on savings to its customers, or just pocket higher margins on domain sales.

While Wix says it has 110 million users, obviously it has sold nowhere near that number of domains.

Its relationship with NetSol is not lucrative enough for Web.com to count the relationship as a risk factor in its Securities and Exchange Commission filings, though Wix is listed as one of just a small handful of competitors.

If Web.com should lose Wix as a reseller, we won’t get to find out what impact that had on revenue; Web.com’s going private in a $2 billion deal.

Disclosure: I’ve had to listen to or skip through repetitive Wix ads on YouTube a dozen times a day for what seems like years, so I’m not naturally predisposed to like this company. Same goes for Grammarly. Grrrr!

Web.com to be acquired for $2 billion

Web.com is to go private in a deal valued at roughly $2 billion.

The company, which owns pioneering registrars Network Solutions and Register.com as well as SnapNames and half of NameJet, will be bought by an affiliate of Siris Capital Group, a private equity firm.

The cash, $25-a-share deal has been approved by the Web.com board but is still open to higher bids from third parties until August 5.

The offer is a 30% premium over Web.com’s 90-day average price prior to the deal’s announcement.

While Nasdaq-listed Web.com has briefly topped $26 over the last year, you’d have to go back five years to find it consistently over the $25 mark.

Web.com acquires dozens of registrars from Rightside

Kevin Murphy, May 11, 2016, Domain Services

Web.com has acquired dozens of registrars from rival/partner Rightside, seemingly to boost the success rate of its SnapNames domain drop-catching business.

I’ve established that at least 44 registrars once managed by Rightside/eNom have moved to the Web.com stable in recent weeks, and that might not even be the half of it.

All of the registrars in question are shell companies used exclusively to register pre-ordered names as they are deleted by registries, usually Verisign.

The more registrars you have, the more EPP connections you have to the Verisign registry and the better your chance at catching a domain.

Web.com runs SnapNames, and is in a 50-50 partnership with Rightside on rival drop-catcher NameJet.

The two compete primarily with NameBright’s DropCatch.com, which obtained hundreds of fresh ICANN accreditations last year, bringing its total pool to over 750.

Web.com has fewer than 400 accreditations right now. Rightside has even fewer.

It’s usually quicker to buy a registrar than to obtain a new accreditation from ICANN.

If Web.com finds itself in need of more accreditations in order to compete, and Rightside is happy to let them go, it could be possible to infer that SnapNames is doing rather better in terms of customer acquisition than NameJet.

But the two services recently announced a partnership under which names grabbed by either network would be placed in an auction in which customers of either site could participate.

This would have the effect of increasing the number of caught names going to auction due to there being multiple bidders, and thus the eventual sales prices.

Verisign’s silly .xyz lawsuit thrown out

Kevin Murphy, October 28, 2015, Domain Registries

Verisign has had its false advertising lawsuit against the .xyz gTLD registry thrown out of court.

XYZ.com this week won a summary judgement, ahead of a trial that was due to start next Monday.

“By granting XYZ a victory on summary judgement, the court found that XYZ won the case as a matter of law because there were no triable issues for a jury,” the company said in a statement.

The judge’s ruling does not go into details about the court’s rationale. XYZ’s motion to dismiss has also not been published.

So it’s difficult to know for sure exactly why the case has been thrown out.

Verisign sued in December, claiming XYZ and CEO Daniel Negari had lied in advertising and media interviews by saying there are no good .com domain names left.

Many of its claims centered on this video:

XYZ said its ads were merely hyperbolic “puffery” rather than lies.

Verisign also claimed that XYZ had massively inflated its purported registration numbers by making a shady $3 million reciprocal domains-for-advertising deal with Network Solutions.

XYZ general counsel Grant Carpenter said in a statement: “These tactics appear to be part of a coordinated anti-competitive scheme by Verisign to stunt competition and maintain its competitive advantage in the industry.”

While Verisign has lost the case, it could be seen to have succeeded in some respects.

XYZ had to pay legal fees in “the seven-figure range”, as well as disclose hundreds of internal company documents — including emails between Negari and me — during the discovery phase.

Through discovery, Verisign has obtained unprecedented insight into how its newest large competitor conducts its business.

While I’ve always thought the lawsuit was silly, I’m now a little disappointed that more details about the XYZ-NetSol deal are now unlikely to emerge in court.

Did XYZ.com pay NetSol $3m to bloat .xyz?

Kevin Murphy, August 25, 2015, Domain Registries

Evidence of a possibly dodgy deal between XYZ.com and Network Solutions has emerged.

Court documents filed last week by Verisign suggest that the .xyz registry may have purchased $3 million in advertising in exchange for $3 million of .xyz domain names.

Verisign, which is suing .xyz and CEO Daniel Negari over its allegedly “false” advertising, submitted to the court a list of hundreds of exhibits (pdf) that it proposes to use at trial.

Among them are these two:

  • Email from Negari to Andrew Gorrin re EPP Feed and billing directly for $3,000,000 in domains
  • Credit Memo to Andrew from Negari “We have elected to pay for our $3MM Q2 advertising insertion order, which was dated May 20th with a credit…….” (5/31/14)

Gorrin is Web.com’s senior VP of marketing and Negari is Daniel Negari, XYZ.com’s CEO.

The documents these headings refer to are not public information, and are not likely to be any time soon, but they appear to refer to on the one hand XYZ billing NetSol for $3 million in domain names and on the other NetSol billing XYZ for $3 million in advertising.

Only one of the two document headings is dated, so we don’t know how closely they coincided.

Other headings, among the 446 documents Verisign wants to use at trial, suggest that they happened at pretty much the same time:

  • Email from Andrew Gorrin to Ashley Henning (web.com) re Bulk Purchase of .xyz domains (5/29/14)
  • Email from Andrew Gorrin to Negari re XYZ.Com Advertising IO and Marketing Agreement attaching signed agreements (5/20/14)
  • Email string Ashley Henning to Christine Nagey, Andrew Gorrin, Edward Angstadt re Bulk Purchase of .XYZ Domains (5/30/14)

The emails Verisign cites were dated May 2014, shortly before .xyz went into general availability June 2.

What we seem to be looking at here — and I’m getting into speculative territory here — are references to two more or less simultaneous transactions, both valued at exactly $3 million, between the two parties.

Both companies have consistently refused to address the nature of their deal, citing NDAs.

As you recall, the vast majority of .xyz’s early registrations were provided by NetSol, which pushed hundreds of thousands of free .xyz domains into its customers’ accounts without their explicit consent.

The number of freebies is believed to be about 350,000, based on comments Negari recently made to The Telegraph, in which he stated that .xyz, which had about 850,000 domains in its zone at the time, would have 500,000 registrations if the freebies were excluded.

With a registry fee roughly equivalent to .com’s (.xyz’s is believed to be a little lower), 350,000 names would work out to roughly $3 million.

Negari has stated previously that every .xyz registration was revenue-generating, even the freebies.

Is it possible that NetSol paid XYZ’s registry fees using money XYZ paid it for advertising? Is it possible no money changed hands at all?

I’m not saying either company has done anything illegal, and it’s completely possible I’m completely misunderstanding the situation, but it does rather put me in mind of the old “round-trip” deals that tech firms used to dishonestly prop up their tumbling revenue at the turn of the century.

Back in 2000, the dot-com bubble was on the verge of popping, taking the US economy with it, and companies facing the decline of their businesses came up with “creative” ways to show investors that they were still growing.

AOL Time Warner, for example, “effectively funded its own online advertising revenue by giving the counterparties the means to pay for advertising that they would not otherwise have purchased”.

Regulators exercised their legal options in these cases only where there appeared to be dishonest accounting, and I’ve seen no evidence to suggest that XYZ or Web.com unit NetSol have failed to adhere to anything but the highest accounting standards.

Again, I’m not saying we’re looking at a “round-trip” deal here, and there’s not a great deal of evidence to go on, but it sure smells familiar.

Certainly, questions have been raised that Verisign did not raise in its initial complaint.

Anyway.

On a personal note, I’d like to disclose that among the documents Verisign demanded from XYZ are dozens of pages of previously confidential emails exchanged between myself and Negari.

I’ve read them, and they’re mostly heated arguments about a) his refusal to give details about the NetSol deal and b) my purported lack of journalistic integrity whenever I published a post about .xyz with an even slightly negative angle.

XYZ had no choice but to supply these emails. I can’t blame it for complying with its legal requirements.

I wasn’t the only affected blogger. Mike Berkens, Konstantinos Zournas, Rick Schwartz and Morgan Linton also had their private correspondence compromised by Verisign.

I don’t know how they feel about this violation, but in my view this shows Verisign’s contempt for the media and its disregard for the sanctity of off-the-record conversations between reporters and their sources.

And that’s what I have to say about that.

.xyz starts to plummet — NetSol freebies to blame?

XYZ.com has been seeing its .xyz zone file shrink rapidly over the last five days, likely as a result of free domains pushed out to Network Solutions customers starting to expire.

DI PRO stats show that .xyz has shrunk by 49,658 domains this week — today at 888,413 names compared to a June 4 peak of 942,927.

It was June 4 last year when the industry become aware that NetSol was automatically pushing .xyz names into the accounts of its existing customers without their explicit consent.

Renewal rates usually do not become clear for 45 days after expiration, due to grace periods, but domains can delete earlier.

On June 9, 2014, one year ago today, .xyz had 87,073 domains in its zone file. It’s difficult to see where a loss of almost 50,000 names this week could come from if not the NetSol freebies deleting.

It is believed that the NetSol giveaway contributed about 350,000 names to .xyz’s zone over the period of its offer.

NetSol has been bundling .xyz renewals — which along with the free year of email and privacy comes to a whopping $57 — when it asks its customers to renewal their matching .com/.net/.org domains.

.xyz likely hasn’t seen the worst of its total shrinkage yet.

When eNom pushed free .info domains into its customers’ accounts about 10 years ago the renewal rate on those names was virtually zero.