Latest news of the domain name industry

Recent Posts

India’s biggest bank switches to dot-brand

Kevin Murphy, February 22, 2017, Domain Registries

State Bank of India has announced plans to migrate all of its web sites to its new dot-brand gTLD.

The company has been responsible for .sbi since it was delegated by ICANN last April, but bank.sbi is its first live domain name.

Currently, while bank.sbi is live and resolving, the old domain sbi.co.in appears to still be its primary address.

However, SBI said “all of the bank’s internet presence… shall soon be migrated to the .sbi gTLD”.

There will be a period of crossover while customers get used to the change, it said in a press release.

The bank said: “a gTLD site like .sbi conveys an assurance to the customer that the site is authorised, genuine and is not an inappropriate or phishing site”.

The move is perhaps significant given that SBI is state-owned, and one might expect some level of nationalism when it comes to domain choice.

But SBI, India’s largest bank with $490 billion in assets under management, is not the first bank to say it plans to use its dot-brand as its primary TLD.

BNP Paribas, the world’s biggest non-Chinese bank, uses .bnpparibas for almost everything, particularly in its native France. It has three domains in the Alexa top 100,000 most-visited web sites.

Others with dot-brands in use include Barclays and Citi.

Phishing in new gTLDs up 1,000% but .com still the worst

Kevin Murphy, February 20, 2017, Domain Registries

The .com domain is still the runaway leader TLD for phishing, with new gTLDs still being used for a tiny minority of attacks, according to new research.

.com domains accounted for 51% of all phishing in 2016, despite only having 48% of the domains in the “general population”, according to the 2017 Phishing Trends & Intelligence Report
from security outfit PhishLabs.

But new gTLDs accounted for just 2% of attacks, despite separate research showing they have about 8% of the market.

New gTLDs saw a 1,000% increase in attacks on 2015, the report states.

The statistics are based on PhishLabs’ analysis of nearly one million phishing sites discovered over the course of the year and include domains that have been compromised, rather than registered, by attackers.

The company said:

Although the .COM top-level domain (TLD) was associated with more than half of all phishing sites in 2016, new generic TLDs are becoming a more popular option for phishing because they are low cost and can be used to create convincing phishing domains.

There are a few reasons new gTLDs are gaining traction in the phishing ecosystem. For one, some new gTLDs are incredibly cheap to register and may be an inexpensive option for phishers who want to have more control over their infrastructure than they would with a compromised website. Secondly, phishers can use some of the newly developed gTLDs to create websites that appear to be more legitimate to potential victims.

Indeed, the cheapest new gTLDs are among the worst for phishing — .top, .xyz, .online, .club, .website, .link, .space, .site, .win and .support — according to the report.

But the numbers show that new gTLDs are significantly under-represented in phishing attacks.

According to separate research from CENTR, there were 309.4 million domains in existence at the end of 2016, of which about 25 million (8%) were new gTLDs.

Yet PhishLabs reports that new gTLD domains were used for only about 2% of attacks.

CENTR statistics have .com with a 40% share of the global domain market, with PhishLabs saying that .com is used in 51% of attacks.

The difference in the market share statistics between the two sets of research is likely due to the fact that CENTR excludes .tk from its numbers.

Again, because PhishLabs counts hacked sites — in fact it says the “vast majority” were hacked — we should probably exercise caution before attributing blame to registries.

But PhishLabs said in its report:

When we see a TLD that is over-represented among phishing sites compared to the general population, it may be an indication that it is more apt to being used by phishers to maliciously register domains for the purposes of hosting phishing content. Some TLDs that met these criteria in 2016 included .COM, .BR, .CL, .TK, .CF, .ML, and .VE.

By far the worst ccTLD for phishing was Brazil’s .br, with 6% of the total, according to the report.

Also notable were .uk, .ru, .au, .pl, and .in, each with about 2% of the total, PhishLabs said.

Blah blah ICANN blah .africa blah delegated blah blah…

Kevin Murphy, February 15, 2017, Domain Registries

Today blah blah ZA Central Registry blah blah .africa blah delegated blah.

ICANN blah blah root blah. Blah blah ZACR blah nic.africa.

Blah blah five years blah blah contention blah lawsuit blah blah DotConnectAfrica blah. Blah blah Bekele blah IRP blah.

ICANN blah blah Governmental Advisory Committee blah blah blah African Union blah blah blah.

Blah blah Geographic Names Panel blah blah controversy blah blah blah blah lawsuit blah blah blah leg to stand on.

Blah racist blah blah conspiracy blah blah blah… nutty. Blah.

Blah reporting blah damned blah story blah forever blah blah bored blah blah blah blah.

Blah blah blah.

.africa to finally go live after judge denies injunction

Kevin Murphy, February 10, 2017, Domain Policy

A Los Angeles court has rejected a demand for a preliminary injunction preventing ICANN delegating .africa, meaning the new gTLD can go live soon.

Judge Howard Halm ruled February 3, in documents published last night, that the “covenant not to sue” signed by every new gTLD applicant is enforceable and that Africans are being harmed as long as .africa is stuck in legal limbo.

The ruling comes two and a half years after ZA Central Registry, the successful of the two .africa applicants, signed its Registry Agreement with ICANN.

Rival applicant DotConnectAfrica, rejected because it has no African government support, is suing ICANN for fraud, alleging that it failed to follow its own rules and unfairly favored ZACR from the outset.

Unfortunately, the ruling does not address the merits of these claims. It merely says that DCA is unlikely to win its suit due to the covenant it signed.

Halm based his decision on the precedent in Ruby Glen v ICANN, the Donuts lawsuit that seeks to stop ICANN awarding .web to Verisign. The judge in that case ruled last November that Donuts signed away its right to sue.

An earlier judge in the DCA v ICANN case had ruled — based at least in part on a misunderstanding of the facts — that the covenant was unenforceable, but that decision now seems to have been brushed aside.

Halm was not convinced that DCA would suffer irreparable harm if ZACR got given .africa, writing:

The .Africa gTLD can be re-delegated to DCA in the event DCA prevails in this litigation… Further, it appears that any interim harm to DCA can be remedied by monetary damages

He balanced this against the harm of NOT delegating .africa:

The public interest also weighs in favor of denying the injunction because the delay in the delegation of the .Africa gTLD is depriving the people of Africa of having their own unique gTLD.

So what now?

ICANN said in a statement: “In accordance with the terms of its Registry Agreement with ZACR for .AFRICA, ICANN will now follow its normal processes towards delegation.”

As of this morning, ZACR’s .africa bid is officially still marked as “On Hold” by ICANN, though this is likely to change shortly.

Assuming ZACR has already completed pre-delegation testing, delegation itself could be less than a week away.

If DCA’s record is anything to go by, it seems unlikely that this latest setback will be enough to get it to abandon its cause.

Its usual MO whenever it receives an adverse decision or criticism is to double down and start screaming about conspiracies.

While the injunction was denied, the lawsuit itself has not been thrown out, so there’s still plenty of time for more of that.

You can read Halm’s ruling here (pdf).

Antitrust feds probing Verisign’s .web deal

Kevin Murphy, February 10, 2017, Domain Policy

US antitrust authorities are investigating Verisign over its anticipated operation of the .web gTLD.

The probe was disclosed by company CEO Jim Bidzos in yesterday’s fourth-quarter earnings call. He said:

On January 18, 2017, the company received a Civil Investigative Demand from the Antitrust Division of the US Department of Justice, requesting certain information related to Verisign’s potential operations of the .web TLD. The CID is not directed at Verisign’s existing registry agreements.

He did not comment further, beyond describing it as “kind of like a subpoena”.

Verisign acquired the rights to run .web at an ICANN last-resort auction last July, agreeing to pay $135 million.

Rather than applying for the gTLD itself, it secretly bankrolled shell company Nu Dot Co, which intends to transfer its .web contract to Verisign after it is signed.

ICANN is being sued by rival applicant Donuts, which claims NDC should have been banned from the auction. Afilias, the auction runner up, is also challenging the outcome.

But this new DoJ investigation, if we take Bidzos’ words at face value, appears to focus on what Verisign plans to do with .web once it is live.

It’s the view of many that .web would be the new gTLD best positioned as an alternative to .com, which makes Verisign hundreds of millions of dollars a year.

It’s my view that it would make perfect sense for Verisign to flush the $135 million and bury .web, rather than have a viable competitor on the market.

Verisign has repeatedly said that intends to “grow and widely distribute .web”, words Bidzos repeated last night.

The investigation is likely into whether Verisign wants to actually raise .web, or strangle it in its crib.

It seems the investigation was launched in the dying days of the Obama administration, so the recent changing of the guard at Justice — Attorney General Jeff Sessions was confirmed by Congress just two days ago — may have an impact on how it plays out.