Latest news of the domain name industry

Recent Posts

Together at last: NetSol merges with Register.com

Kevin Murphy, August 5, 2011, Domain Registrars

The first-ever .com domain name registrar and its first-ever competitor are to merge as part of Web.com’s strategy to scale up and better compete with Go Daddy.

Web.com, which bought Register.com a little over a year ago, has now turned its attention to bigger fish. It’s agreed to buy Network Solutions for $561 million in cash and stock.

The combined company will have three million customers, revenue of over $450 million, and over nine million domains under management.

By my reckoning, this means Web.com becomes the fourth-largest registrar by domain count, a position already held by NetSol, a couple of million domains behind Tucows.

NetSol was of course the original .com registrar/registry and Register.com was the first competitor to start selling domains after ICANN introduced competition to the market.

Both registrars were briefly public companies in their own right, before being re-privatized around the same time it became apparent Go Daddy and the other discount registrars were eating their lunch.

This shared history is still evident today – both companies still sell domain names for 1999 prices, and they’re both still losing customers as a result.

CEO David Brown said on a conference call announcing the deal that Register.com is currently losing 13,000 subscribers, net, per quarter.

This is not as bad as the 20,000 per quarter at the time of the acquisition, but it’s still over 140 customers jumping ship, on average, every day.

Brown said that NetSol’s churn is similar; its customer base is “declining very slowly”, albeit from a stronger starting position.

When VeriSign sold NetSol in 2003, it said the unit had about four million customers. Today, according to Web.com’s announcement, it’s closer to two million.

The NetSol deal will enable Web.com to expand its focus from small businesses, Register.com’s core market, to medium-sized businesses too, Brown said.

“This is a unique chance for Web.com to quickly gain major scale in our sweet spot – the small and mid-size business market,” he told analysts.

The larger scale will also enable the company to ramp up its marketing efforts, he said, helping it to gain mindshare from “another company” (cough–Go Daddy–cough).

Both the NetSol and Register.com brands will stay, but the primary brand in its advertising campaigns will be Web.com

Both NetSol and Register.com still operate at very much the high-end of the pricing spectrum, having stubbornly resisted pricing pressures for the last decade.

Register.com currently sells .com domain names for $38 a year, NetSol sells them for $35.

However, on the analysts’ call, Brown discussed the success of a recent marketing campaign at Register.com, which offered domains at cheaper prices than usual.

“We discovered marketing a lower-price domain name was driving a total order value that was more than ten times higher due to additional offerings,” he said.

I wonder where they got that idea from.

ICANN beefs up new TLD fraudster checks

Kevin Murphy, May 31, 2011, Domain Policy

ICANN has broadened the background checks in its new top-level domains program to ban companies with a history of consumer fraud from applying for a new gTLD.

The new check in the Applicant Guidebook reads as follows:

a final and legally binding decision obtained by a national law enforcement or consumer protection authority finding that the applicant was engaged in fraudulent and deceptive commercial practices as defined in the Organization for Economic Co-operation and Development (OECD) Guidelines for Protecting Consumers from Fraudulent and Deceptive Commercial Practices Across Borders may cause an application to be rejected. ICANN may also contact the applicant with additional questions based on information obtained in the background screening process.

The OECD guidelines, which define deceptive practices, were suggested by ICANN’s Governmental Advisory Committee as a way to keep out the fraudsters.

I speculated last week that implementation of such rules could capture Network Solutions and/or VeriSign, due to their dodgy dealings almost a decade ago.

But it appears that the two companies are safe – the wording is such that it likely does not apply to the settlement NetSol made with the Federal Trade Commission which, while legally binding, was explicitly not a “finding” of fact or law.

The Guidebook also now asks applicants to disclose if they have been “disciplined by any government or industry regulatory body for conduct involving dishonesty or misuse of funds of others”. The “industry regulatory body” text is a new insertion.

Could VeriSign be banned from new TLDs?

Kevin Murphy, May 28, 2011, Domain Policy

Governments have proposed stricter background checks on new top-level domain operators that could capture some of the industry’s biggest players.

Top-five registrar Network Solutions and .com manager VeriSign may have reason to be concerned by the latest batch of Governmental Advisory Committee recommendations.

The GAC wants checks on new gTLD applicants expanded to include not only criminal convictions and intellectual property violations but also government orders related to consumer fraud.

The GAC advised ICANN, with my emphasis:

The GAC believes that the categories of law violations that will be considered in the background screening process must be broadened to include court or administrative orders for consumer protection law violations. If an applicant has been subject to a civil court or administrative order for defrauding consumers, it should not be permitted to operate a new gTLD.

This is not new – the GAC has proposed similar provisions before – but it seems to be the only GAC advice on applicant screening that ICANN has not yet adopted, and the GAC is still pushing for it.

Why could VeriSign and NetSol be worried by this?

One reason that springs to mind is that, back in 2003, NetSol was officially barred by the US Federal Trade Commission from the practice known as “domain slamming”.

Domain slamming, you may recall, was one of the dirtiest “marketing” tactics employed by the registrar sector during the early days of competition.

Registrars would send fake invoices with titles such as “Renewal and Transfer Notice” to the addresses of their rivals’ customers, mined from Whois data.

The letters were basically tricks designed to persuade customers ignorant of the domain name lifecycle to transfer their business to the slamming registrar.

Respectable registrars have nothing to do with such practices nowadays, but a decade ago companies including NetSol and Register.com, the two largest registrars at the time, were all over it.

At the time NetSol was carrying out its slamming campaign, it was part of VeriSign. It was spun off into a separate company earlier in 2003, before the FTC entered its order.

The order (pdf) was approved by a DC judge as part of a deal that settled an FTC civil lawsuit, alleging deceptive practices, against the company.

NetSol was not fined and did not admit liability, but it did agree to be permanently enjoined from any further slamming, and had to file compliance notices for some time afterward.

It seems plausible that this could fall into the definition of a “civil court or administrative order for defrauding consumers” that the GAC wants added to the Applicant Guidebook’s background checks.

Whether the GAC’s advice, if implemented by ICANN, would capture NetSol and/or VeriSign is of course a matter of pure speculation at the moment.

I think it’s highly unlikely that ICANN would put something in the Guidebook that banned VeriSign, its single largest source of funding (over a quarter of its revenue) from the new gTLD program.

Sadly, I think I may also be unfairly singling out these two firms here – I’d be surprised if they’re the only companies in the domain name industry with this kind of black mark against their names.

Existing background checks in the Applicant Guidebook governing cybersquatting are already thought to pose potential problems for registrars including eNom and Go Daddy.

UPDATE: It looks like NSI and VeriSign are probably safe.

ICE domain seizures enter second phase

Kevin Murphy, April 20, 2011, Domain Policy

The US Immigration & Customs Enforcement agency seems to be consolidating its portfolio of seized domain names by transferring them to its own registrar account.

Many domains ICE recently seized at the registry level under Operation “In Our Sites” have, as of yesterday, started naming the agency as the official registrant in the Whois database.

ICE, part of the Department of Homeland Security, has collected over 100 domains, most of them .coms, as part of the anti-counterfeiting operation it kicked off with gusto last November.

The domains all allegedly either promoted counterfeit physical goods or offered links to bootleg digital content.

At a technical level, ICE originally assumed control of the domains by instructing registries such as VeriSign, the .com operator, to change the authoritative name servers for each domain to seizedservers.com.

All the domains pointed to that server, which is controlled by ICE, resolve to a web server displaying the same image:

ICE seized domains banner

(The banner, incidentally, appears to have been updated this month. If clicked, it now sends visitors to this anti-piracy public service announcement hosted at YouTube.)

Until this week, the Whois record associated with each domain continued to list the original registrant – a great many of them apparently Chinese – but ICE now seems to be consolidating its portfolio.

As of yesterday, a sizable chunk — but by no means all — of the seized domains have been transferred to Network Solutions and now name ICE as the registrant in their Whois database records.

Rather than simply commandeering the domains, it appears that ICE now “owns” them too.

But ICE has already allowed one of its seizures to expire. The registration for silkscarf-shop.com expired in March, and it no longer points to seizedservers.com or displays the ICE piracy warning.

The domain is now listed in Redemption Period status, meaning it is starting along the road to ultimately dropping and becoming available for registration again.

Interestingly, most of the newly moved domains appear to have been transferred into NetSol from original registrars based in China, such as HiChina, Xin Net and dns.com.cn.

After consulting with a few people more intimately familiar with the grubby innards of the inter-registrar transfer process than I am, I understand that the names could have been moved without the explicit intervention of either registrar, but that it would not be entirely unprecedented if the transfers had been handled manually under the authority of a court order.

If I find out for sure, I’ll provide an update.

NetSol to alert cops over domain hijacking

Network Solutions intends to “notify the proper authorities” after a high-profile customer had his account hijacked over the weekend.

Stephen Toulouse, head of policy and enforcement for Microsoft’s Xbox LIVE, lost access to stepto.com, including his web site and email, for several hours yesterday, after a disgruntled teenaged gamer persuaded a member of NetSol’s support staff to hand over the account.

In a statement published on its blog, the domain name registrar said it was an “isolated incident directed at a specific customer account”, adding:

We maintain a well developed processes to ensure that Social Engineering attempts or any identified security concerns are immediately alerted to a Supervisor, who will expedite the investigation, usually with the help of the Network Solutions Security team. In this case, the procedure was not followed, and we apologize for any trouble caused to our customer.

Our Security team continues to investigate this matter. Additionally, because we take this matter very seriously, we intend to notify the proper authorities with the evidence that we have gathered, so that they may investigate the person(s) responsible for the fraud.

According to a new YouTube video released by the person claiming responsibility for the attack, “Predator”, he’s 15. He blamed Toulouse for his frequent Xbox LIVE bannings.

While he said he perpetrated the attack to highlight insecurities in Xbox LIVE, he also offered to hijack other gamers’ accounts for up to $250.

Comments posted in response to his first post-attack video claim to reveal his true identity, but of course comments on YouTube are not what you’d call reliable evidence.

The video itself does reveal a fair bit of information, however, so I can’t imagine tracking him down will be too difficult, especially if Microsoft has his parents’ credit card number on file.

His YouTube channel also has videos of him operating a botnet. That’s a whole lot more serious.