Latest news of the domain name industry

Recent Posts

Are ISOC’s claims about .org’s history bogus?

Kevin Murphy, December 2, 2019, Domain Registries

The Internet Society has started to fight back against those trying to put a stop to its $1.13 billion sale of Public Interest Registry to Ethos Capital.

Among the tactics being deployed appears to be an attempt to play down the notion that .org has always been considered as a home for non-profits run by a non-profit.

Apparently, it’s perfectly fine for .org to transition back into commercial hands, because not-for-profit ISOC was never intended as its forever home and the TLD was never intended for non-profits anyway.

Is that bullshit?

Yes and no. Mostly yes. It turns out you get a different answer depending on when you look in .org’s storied history.

ISOC, it seems, is starting in 1994, in an internet standard written by Jon Postel (who was ICANN before there was an ICANN).

A statement published by ISOC last week tries to characterize .org as a home for the “miscellaneous”, quoting from RFC 1591

I also want to address some other misconceptions about .ORG. Although .ORG has often been thought of as a “home of non-profits”, the domain was not actually defined that way. In 1994, RFC 1591 described it this way: “ORG – This domain is intended as the miscellaneous TLD for organizations that didn’t fit anywhere else. Some non-government organizations may fit here.”

It’s an accurate quote.

.org is described in other RFCs in a similar way. The earliest reference is 1984’s RFC 920 which says .org means “Organization, any other domains meeting the second level requirements.”

RFC 1032 says:

“ORG” exists as a parent to subdomains that do not clearly fall within the other top-level domains. This may include technical-support groups, professional societies, or similar organizations.

I can’t find any mention of non-profits in any of the relevant DNS RFCs.

ISOC goes on to note that .org was managed by a for-profit entity — Network Solutions, then Verisign — from 1993 until PIR took over in 2003.

Again, that’s true, but while it might have been managed by a commercial entity, NetSol was pretty clear about who .org was for.

When it went public in 1997, the company told would-be investors in its S-1 registration statement:

The most common TLDs include .com, used primarily by commercial entities, .org for nonprofit organizations, .net for network service providers, .edu for universities and .gov for United States governmental entities

That’s pretty unambiguous: the .org registry in 1997 said that .org was for non-profits.

In 2001, when ICANN inked a deal with Verisign to spin off .org into a new registry, there was no ambiguity whatsoever.

In announcing the deal, ICANN said that it would “return the .org registry to its original purpose” and .org would return to “to its originally intended function as a registry operated by and for non-profit organizations” (my emphasis).

The price ICANN paid for extracting .org from Verisign’s clutches was the very first “presumptive renewal” clause being inserted into the .com contract, which has seen Verisign reap billions with no risk of ever losing its golden goose.

The prize was so potentially lucrative that Verisign even agreed to give a $5 million endowment — no questions asked — to the successor registry, for use relaunching or promoting .org.

The only catch was that the new registry had to be a non-profit. Commercial registries — Verisign competitors such as Neustar — wouldn’t get the money.

ICANN and its community spent the remainder of 2001 and most of 2002 devising an RFP, accepting proposals from 11 would-be .org registries, and picking a winner.

The multistakeholder Domain Names Supporting Organization — roughly equivalent to today’s GNSO — was tasked with coming up with a set of principles governing who should get to run .org and how.

It came up with a report in January 2002 that stated, as its first bullet point:

The initial delegation of the .org TLD should be to a non-profit organization that is noncommercial in orientation and the initial board of which includes substantial representation of noncommercial .org registrants.

It went on to say that applicants “should be recognized non-profit entities” and to suggest a few measures to attract such entities to the bidding process.

These recommendations, which secured consensus support of the DNSO’s diverse stakeholders and a unanimous vote of the Names Council (the 2002 equivalent of the GNSO Council), nevertheless never made it into ICANN’s final RFP.

At some point during this process, ICANN decided that it would be unfair to exclude for-profit bidders, so there was no non-profit requirement in the final RFP.

As far as I can tell from the public record and my increasingly unreliable memory, it was Vint Cerf — father of the internet, creator of ISOC, then-chair of ICANN, and one of the few people currently cool with PIR being sold into commercial hands — that opened it up to for-profit bidders.

The decision was made at ICANN’s board meeting in Accra, Ghana, at ICANN 12. Back then, the board did its thinking aloud, in front of an audience, so we have a transcript.

The transcript shows that Cerf recommended that ICANN remain neutral on whether the successor registry was non-profit or for-profit. He put forward the idea that a commercial registry could quite easily create a non-profit entity in order to bid anyway, so it would be a kinda pointless restriction. The board agreed.

So in 2002, 11 entities, some of them commercial, submitted proposals to take over .org.

In ISOC’s bid, it stated that it would use the $5 million Verisign endowment “primarily to expanding outreach to non-commercial organizations on behalf of .ORG”.

ISOC/PIR took Verisign’s millions, as a non-profit, in order to pitch .org at other non-profits, in other words.

The evaluation process to pick Verisign’s successor was conducted by consultancy Gartner, a team of “academic CIOs” and ICANN’s Noncommercial Domain Name Holders’ Constituency (roughly equivalent to today’s Non-Commercial Stakeholders Group).

The NCDNHC was under strict instructions from ICANN management to not give consideration to whether the applicants were commercial or non-commercial, but its report (pdf) did “take notice of longstanding relationships between the bidders (whether for-profit or non-profit) and the noncommercial community available in the public record”.

It ranked the PIR bid as third of the 11 applicants, on the basis that .org money would go to support ISOC and the IETF, which NCDNHC considered “good works”.

ICANN’s preliminary and final evaluation reports were both opened for public comment, and comment from the applicants themselves, and on both occasions ISOC sought to play up its not-for-profit status. In August 2002, it said:

Overall, we believe ISOC’s experience as a not-for-profit, Internet-focused organization, combined with Afilias’ expertise as a stable and proven back end provider, enables us to fully meet all the criteria set forth by the ICANN Board.

In October 2002, it said:

We believe strongly that the voice of the non-commercial community is critical to the long-term success of .ORG. ISOC’s global membership and heritage and PIR’s non-profit status will ensure the registry remains sensitive to non-commercial concerns. Should the ICANN Board select ISOC’s proposal, PIR will execute extensive plans to ensure that this voice is heard.

ISOC’s application was of course ultimately determined to be the best of the bunch, and in October 2002 ICANN decided to award it the contract.

Then there was the small matter of the IANA redelegation. IANA is the arm of ICANN that deals with changes to the root zone. Whenever a TLD changes hands, IANA issues a report explaining how the redelegation came about.

In the case of .org, IANA echoed the previous feelings about .org’s “intended” purpose, stating:

the Internet Society is a long-established organization that is particularly knowledgeable about the needs of the organizations for which the .org top-level domain was intended. By establishing PIR as a subsidiary to serve as the successor operator of .org, the Internet Society has created a structure that can operate the .org TLD in a manner that will be sensitive to the needs of its intended users

So, does history tell us that .org is meant to be a TLD by and for non-profits?

Mostly, yes, I think it does.

Web.com got pwned

Kevin Murphy, November 4, 2019, Domain Registrars

Web.com, which owns top 20 registrars Network Solutions and Register.com, got itself and millions of its customers hacked a few months ago.

The company disclosed last week that malicious hackers broke into its network in late August, making off with customer account information.

The attack was not discovered until October 16.

The compromised data included “name, address, phone numbers, email address and information about the services that we offer to a given account holder”, Web.com said.

“We encrypt credit card numbers and no credit card data was compromised as a result of this incident,” it added.

Customers are being told to change their password next time they log in to their services.

It’s not clear how many registrants were affected. The NetSol accreditation has over seven million domains in the gTLDs alone, while Register.com has almost 1.8 million.

Web.com said it brought on a private security firm to investigate the attack, and informed US law enforcement.

Three-letter .com owned by hospital “hijacked”

Kevin Murphy, August 20, 2019, Domain Registrars

A California hospital has seen its three-letter .com domain reportedly hijacked and transferred to a registrar in China.

Sonoma Valley Hospital, a 75-bed facility north of San Francisco, was using svh.com as its primary domain until earlier this month, when it abruptly stopped working.

The Sonoma Index-Tribune reports that the domain was “maliciously acquired”, according to a hospital spokesperson.

It does not seem to be a case of a lapsed registration.

Historical Whois records archived by DomainTools show that svh.com, which had been registered with Network Solutions, had over a year left on its registration when it was transferred to BizCN in early August.

BizCN is based in China and has around 711,000 gTLD domains under management, having shrunk by about 300,000 names over the 12 months to April.

The Sonoma newspaper speculates that the domain may have been hijacked via a phishing attack. It’s not clear whether the hospital or NetSol, part of the Web.com group, was the target.

Three-letter .com names are highly prized, usually selling for tens of thousands of dollars.

Domain investors should obviously steer clear of svh.com, which will is probably already up for sale.

Not only is there a possibility of attracting unwelcome legal attention, but there’s also the moral implications of paying somebody who would steal from a hospital.

The hospital in question has now changed its name to sonomavalleyhospital.org. This transition, which includes migrating the email addresses of all of its staff, seems to have taken several days.

Anyone sending personal medical information to the old svh.com email addresses may find that information in the wrong hands.

Operation September Thrust leads to another million-domain Radix gTLD

Kevin Murphy, February 4, 2019, Domain Registries

Radix has become the first new gTLD portfolio registry to hit over one million domains in more than one TLD.

It said today that .site has crossed the seven-digit threshold, joining .online, which hit a million names in 2018.

It’s huge recent growth for .site, which had around 561,000 domains under management at the end of September.

Radix CEO Sandeep Ramchandani told DI today that the rapid uptick comes as a result of a marketing program internally code-named “September Thrust”.

This involved promotional pricing — Ramchandani said the cheapest a .site could have been obtained would be about $0.99 — and joint-marketing efforts with multiple registrars.

This mostly involved plugs on registrar home pages, email shots, and promotion in the “check availability” part of registrar storefronts, he said.

The latest transaction reports filed with ICANN show .site grew by about 120,000 DUM in October, with West.cn, NameCheap and Network Solutions (Web.com) the biggest beneficiaries.

NetSol’s .site DUM actually grew by about 10x in the month.

The $1 retail pricing was apparently available at some registrars prior to September, and continues to exist on storefronts today.

ICANN turns 20 today (or maybe not)

Kevin Murphy, September 18, 2018, Domain Policy

ICANN is expected to celebrate its 20th anniversary at its Barcelona meeting next month, but by some measures it has already had its birthday.

If you ask Wikipedia, it asserts that ICANN was “created” on September 18, 1998, 20 years ago today.

But that claim, which has been on Wikipedia since 2003, is unsourced and probably incorrect.

While it’s been repeated elsewhere online for the last 15 years, I’ve been unable to figure out why September 18 has any significance to ICANN’s formation.

I think it’s probably the wrong date.

It seems that September 16, 1998 was the day that IANA’s Jon Postel and Network Solutions jointly published the organization’s original bylaws and articles of incorporation, and first unveiled the name “ICANN”.

That’s according to my former colleague and spiritual predecessor Nick Patience (probably the most obsessive journalist following DNS politics in the pre-ICANN days), writing in now-defunct Computergram International on September 17, 1998.

The Computergram headline, helpfully for the purposes of the post you are reading, is “IANA & NSI PUBLISH PLAN FOR DNS ENTITY: ICANN IS BORN”.

Back then, before the invention of the paragraph and when ALL CAPS HEADLINES were considered acceptable, Computergram was published daily, so Patience undoubtedly wrote the story September 16, the same day the ICANN proposal was published.

A joint Postel/NetSol statement on the proposal was also published September 17.

The organization was not formally incorporated until September 30, which is probably a better candidate date for ICANN’s official birthday, archived records show.

Birthday meriments are expected to commence during ICANN 63, which runs from October 20 to 25. There’s probably free booze in it, for those on-site in Barcelona.

As an aside that amused me, the Computergram article notes that Jones Day lawyer Joe Sims very kindly provided Postel with his services during ICANN’s creation on a “pro bono basis”.

Jones Day has arguably been the biggest beneficiary of ICANN cash over the intervening two decades, billing over $8.7 million in fees in ICANN’s most recently reported tax year alone.

Wix.com obtains ICANN accreditation — bad news for Web.com?

Web site building tools provider Wix.com has got itself an ICANN accreditation, potentially bad news for current partner Web.com.

The Nasdaq-listed, Israel-based company popped up on the official registrar list in the last day or so with the IANA ID 3817.

That means it could before long start selling gTLD domains directly from the registries rather than going through its current business partner.

According to its domain services agreement and other online sources, Wix currently acts as a reseller for Network Solutions, a Web.com company.

Its retail prices are therefore, as you might expect, rather above the market average, pretty much in line with NetSol’s.

If it does choose to go solo, it could potentially pass on savings to its customers, or just pocket higher margins on domain sales.

While Wix says it has 110 million users, obviously it has sold nowhere near that number of domains.

Its relationship with NetSol is not lucrative enough for Web.com to count the relationship as a risk factor in its Securities and Exchange Commission filings, though Wix is listed as one of just a small handful of competitors.

If Web.com should lose Wix as a reseller, we won’t get to find out what impact that had on revenue; Web.com’s going private in a $2 billion deal.

Disclosure: I’ve had to listen to or skip through repetitive Wix ads on YouTube a dozen times a day for what seems like years, so I’m not naturally predisposed to like this company. Same goes for Grammarly. Grrrr!

Web.com to be acquired for $2 billion

Web.com is to go private in a deal valued at roughly $2 billion.

The company, which owns pioneering registrars Network Solutions and Register.com as well as SnapNames and half of NameJet, will be bought by an affiliate of Siris Capital Group, a private equity firm.

The cash, $25-a-share deal has been approved by the Web.com board but is still open to higher bids from third parties until August 5.

The offer is a 30% premium over Web.com’s 90-day average price prior to the deal’s announcement.

While Nasdaq-listed Web.com has briefly topped $26 over the last year, you’d have to go back five years to find it consistently over the $25 mark.

Web.com acquires dozens of registrars from Rightside

Kevin Murphy, May 11, 2016, Domain Services

Web.com has acquired dozens of registrars from rival/partner Rightside, seemingly to boost the success rate of its SnapNames domain drop-catching business.

I’ve established that at least 44 registrars once managed by Rightside/eNom have moved to the Web.com stable in recent weeks, and that might not even be the half of it.

All of the registrars in question are shell companies used exclusively to register pre-ordered names as they are deleted by registries, usually Verisign.

The more registrars you have, the more EPP connections you have to the Verisign registry and the better your chance at catching a domain.

Web.com runs SnapNames, and is in a 50-50 partnership with Rightside on rival drop-catcher NameJet.

The two compete primarily with NameBright’s DropCatch.com, which obtained hundreds of fresh ICANN accreditations last year, bringing its total pool to over 750.

Web.com has fewer than 400 accreditations right now. Rightside has even fewer.

It’s usually quicker to buy a registrar than to obtain a new accreditation from ICANN.

If Web.com finds itself in need of more accreditations in order to compete, and Rightside is happy to let them go, it could be possible to infer that SnapNames is doing rather better in terms of customer acquisition than NameJet.

But the two services recently announced a partnership under which names grabbed by either network would be placed in an auction in which customers of either site could participate.

This would have the effect of increasing the number of caught names going to auction due to there being multiple bidders, and thus the eventual sales prices.

Verisign’s silly .xyz lawsuit thrown out

Kevin Murphy, October 28, 2015, Domain Registries

Verisign has had its false advertising lawsuit against the .xyz gTLD registry thrown out of court.

XYZ.com this week won a summary judgement, ahead of a trial that was due to start next Monday.

“By granting XYZ a victory on summary judgement, the court found that XYZ won the case as a matter of law because there were no triable issues for a jury,” the company said in a statement.

The judge’s ruling does not go into details about the court’s rationale. XYZ’s motion to dismiss has also not been published.

So it’s difficult to know for sure exactly why the case has been thrown out.

Verisign sued in December, claiming XYZ and CEO Daniel Negari had lied in advertising and media interviews by saying there are no good .com domain names left.

Many of its claims centered on this video:

XYZ said its ads were merely hyperbolic “puffery” rather than lies.

Verisign also claimed that XYZ had massively inflated its purported registration numbers by making a shady $3 million reciprocal domains-for-advertising deal with Network Solutions.

XYZ general counsel Grant Carpenter said in a statement: “These tactics appear to be part of a coordinated anti-competitive scheme by Verisign to stunt competition and maintain its competitive advantage in the industry.”

While Verisign has lost the case, it could be seen to have succeeded in some respects.

XYZ had to pay legal fees in “the seven-figure range”, as well as disclose hundreds of internal company documents — including emails between Negari and me — during the discovery phase.

Through discovery, Verisign has obtained unprecedented insight into how its newest large competitor conducts its business.

While I’ve always thought the lawsuit was silly, I’m now a little disappointed that more details about the XYZ-NetSol deal are now unlikely to emerge in court.

Did XYZ.com pay NetSol $3m to bloat .xyz?

Kevin Murphy, August 25, 2015, Domain Registries

Evidence of a possibly dodgy deal between XYZ.com and Network Solutions has emerged.

Court documents filed last week by Verisign suggest that the .xyz registry may have purchased $3 million in advertising in exchange for $3 million of .xyz domain names.

Verisign, which is suing .xyz and CEO Daniel Negari over its allegedly “false” advertising, submitted to the court a list of hundreds of exhibits (pdf) that it proposes to use at trial.

Among them are these two:

  • Email from Negari to Andrew Gorrin re EPP Feed and billing directly for $3,000,000 in domains
  • Credit Memo to Andrew from Negari “We have elected to pay for our $3MM Q2 advertising insertion order, which was dated May 20th with a credit…….” (5/31/14)

Gorrin is Web.com’s senior VP of marketing and Negari is Daniel Negari, XYZ.com’s CEO.

The documents these headings refer to are not public information, and are not likely to be any time soon, but they appear to refer to on the one hand XYZ billing NetSol for $3 million in domain names and on the other NetSol billing XYZ for $3 million in advertising.

Only one of the two document headings is dated, so we don’t know how closely they coincided.

Other headings, among the 446 documents Verisign wants to use at trial, suggest that they happened at pretty much the same time:

  • Email from Andrew Gorrin to Ashley Henning (web.com) re Bulk Purchase of .xyz domains (5/29/14)
  • Email from Andrew Gorrin to Negari re XYZ.Com Advertising IO and Marketing Agreement attaching signed agreements (5/20/14)
  • Email string Ashley Henning to Christine Nagey, Andrew Gorrin, Edward Angstadt re Bulk Purchase of .XYZ Domains (5/30/14)

The emails Verisign cites were dated May 2014, shortly before .xyz went into general availability June 2.

What we seem to be looking at here — and I’m getting into speculative territory here — are references to two more or less simultaneous transactions, both valued at exactly $3 million, between the two parties.

Both companies have consistently refused to address the nature of their deal, citing NDAs.

As you recall, the vast majority of .xyz’s early registrations were provided by NetSol, which pushed hundreds of thousands of free .xyz domains into its customers’ accounts without their explicit consent.

The number of freebies is believed to be about 350,000, based on comments Negari recently made to The Telegraph, in which he stated that .xyz, which had about 850,000 domains in its zone at the time, would have 500,000 registrations if the freebies were excluded.

With a registry fee roughly equivalent to .com’s (.xyz’s is believed to be a little lower), 350,000 names would work out to roughly $3 million.

Negari has stated previously that every .xyz registration was revenue-generating, even the freebies.

Is it possible that NetSol paid XYZ’s registry fees using money XYZ paid it for advertising? Is it possible no money changed hands at all?

I’m not saying either company has done anything illegal, and it’s completely possible I’m completely misunderstanding the situation, but it does rather put me in mind of the old “round-trip” deals that tech firms used to dishonestly prop up their tumbling revenue at the turn of the century.

Back in 2000, the dot-com bubble was on the verge of popping, taking the US economy with it, and companies facing the decline of their businesses came up with “creative” ways to show investors that they were still growing.

AOL Time Warner, for example, “effectively funded its own online advertising revenue by giving the counterparties the means to pay for advertising that they would not otherwise have purchased”.

Regulators exercised their legal options in these cases only where there appeared to be dishonest accounting, and I’ve seen no evidence to suggest that XYZ or Web.com unit NetSol have failed to adhere to anything but the highest accounting standards.

Again, I’m not saying we’re looking at a “round-trip” deal here, and there’s not a great deal of evidence to go on, but it sure smells familiar.

Certainly, questions have been raised that Verisign did not raise in its initial complaint.

Anyway.

On a personal note, I’d like to disclose that among the documents Verisign demanded from XYZ are dozens of pages of previously confidential emails exchanged between myself and Negari.

I’ve read them, and they’re mostly heated arguments about a) his refusal to give details about the NetSol deal and b) my purported lack of journalistic integrity whenever I published a post about .xyz with an even slightly negative angle.

XYZ had no choice but to supply these emails. I can’t blame it for complying with its legal requirements.

I wasn’t the only affected blogger. Mike Berkens, Konstantinos Zournas, Rick Schwartz and Morgan Linton also had their private correspondence compromised by Verisign.

I don’t know how they feel about this violation, but in my view this shows Verisign’s contempt for the media and its disregard for the sanctity of off-the-record conversations between reporters and their sources.

And that’s what I have to say about that.