Latest news of the domain name industry

Recent Posts

.porn and .adult sunrises net around 8,000 sales

The sunrise periods for .porn and .adult netted just shy of 4,000 domains per TLD, according to ICM Registry.

The company said .porn received 3,995 registrations while .adult trailed slightly with 3,902.

Those numbers are a combination of regular Trademark Clearinghouse sunrise registrations and Sunrise B registrations.

The ICANN-mandated sunrise periods ended April 1 and were followed by unique Sunrise B periods, during which anyone who bought a .xxx block in 2011 could register the matching new gTLD names.

This time, however, Sunrise B domains actually do resolve.

I believe the the Sunrise B phases accounted for something like 1,500 names apiece.

The previous high bar for 2012-round new gTLD sunrises was .london, with just over 800 registrations.

While .porn and .adult may be record breakers for this round, sales were just a twentieth of the levels seen when .xxx launched in 2011 — about 80,000 names were defensively registered back then.

Later this week, ICM will kick off another launch phase — Domain Matching — during which anyone who owned a .xxx domain prior to April 30 can get their matching .porn and .adult names.

General availability is scheduled for June 4.

Dumb ICANN bug revealed secret financial data to new gTLD applicants

Kevin Murphy, April 30, 2015, Domain Registries

Secret financial projections were among 330 pieces of confidential data revealed by an ICANN security bug.

Over the last two years, a total of 19 new gTLD applicants used the bug to access data belonging to 96 applicants and 21 registry operators.

That’s according to ICANN, which released the results of a third-party audit this afternoon.

Ashwin Rangan, ICANN’s new chief information and innovation officer, confirmed to DI this afternoon that the data revealed to unauthorized users included private financial and technical documents that gTLD applicants attached to their applications.

It would have included, for example, documents that dot-brand applicants reluctantly submitted to demonstrate their financial health.

But Rangan said it was not clear whether the glitch had been exploited deliberately or accidentally.

While saying the situation was “very deeply regrettable”, he added that applicant data deemed confidential when it was submitted back in 2012 may not be considered as such today.

The vulnerability was in ICANN’s Global Domains Division Portal, which was taken offline for three days at the end of February and early March after the bug was reported by a user.

Two outside consulting firms were brought in to scan access logs going back to the launch of the new gTLD portal back in April 2013.

What they found was that any user of the portal could access any attachment to any application, whether it belonged to them or a third-party applicant, simply by checking a radio button in the advanced search feature.

It was a misconfiguration by ICANN of the Salesforce.com software used by GDD, rather than a coding error, Rangan said.

“The public/private data sharing setting can be On or Off and here it was set to On,” he said.

On 330 occasions, starting “in earliest part of when the portal first became available” two years ago, these 19 users would have been exposed to data they were not supposed to be able to see.

The audit has been unable to determine whether the users actually downloaded confidential data on those occasions.

What’s confirmed is that only new gTLD applicants were able to use the glitch. No third-party hackers were involved.

The 19 users who, whether they meant to or not, exploited this vulnerability are now going to be sent letters asking them to explain themselves. They’ll also be asked to delete anything they downloaded and to not share it with third parties.

Before May 27, ICANN will also contact those applicants whose secret data was exposed, telling them which rival applicants could have seen it.

Rangan said that there have been almost 600,000 GDD sessions in the last two years, and that only 36 of them revealed data to unauthorized users.

“It’s a small fraction,” he said. “The question is whether they just stumbled across something they were not even aware of… Looking at the log files it is not clear what is the case.”

ICANN seems to be giving the 19 users the benefit of the doubt so far, but still wants them to explain their actions.

As CIO, Rangan was not able to comment on whether the breach exposes ICANN or applicants to any kind of legal liability.

It’s not the first time sensitive applicant data has been exposed. Back in 2012, DI discovered that the home addresses of the directors of applicants had been published, despite promises that they would remain private.

At the time of the original GDD portal misconfiguration, ICANN had noted security expert Jeff “The Dark Tangent” Moss as its chief security officer.

Earlier this week, ICANN’s board of directors authorized expenses of over $500,000 to carry out security audits of ICANN’s code.

.xyz dismisses own ads as “puffery”

Kevin Murphy, April 30, 2015, Domain Registries

XYZ.com has dismissed its own claim that .xyz is the “next .com” as “mere opinion or puffery”, in an attempt to resolve a false advertising lawsuit filed by Verisign.

Attempting to get the lawsuit resolved without going to the expense of a full trial, the registry has filed with the court a lengthy, rather self-deprecating deconstruction of its own marketing.

It says among other things that the blog posts and videos at issue are “not statements of fact but rather mere puffery, hyperbole, predictive, or assertions of opinion”.

Verisign sued XYZ and its CEO, Daniel Negari, in December, claiming that the video embedded below reflects “a strategy to create a deceptive message to the public that companies and individuals cannot get the .COM domain names they want from Verisign, and that XYZ is quickly becoming the preferred alternative.”

Last week XYZ filed a motion asking the court to rule on the pleadings only, meaning it would not go to trial. It appears to be an effort by the smaller company to avoid any more unnecessary legal fees.

“Verisign is attempting to litigate XYZ out of business complaining about a vanity video, website blog posts, and opinions stated to a reporter,” the motion says.

The document goes to great lengths to argue that the video, blog posts and interviews given by Negari are not “statements of fact”, but rather mere “hyperbole”.

It even goes to the extent of arguing that its ads make Verisign look good:

XYZ’s claim to be “the next .com” could not plausibly harm Verisign’s commercial interest because the claim reinforces that Verisign’s .COM is the most-popular, most-successful domain. Perhaps consumers think that since .XYZ is the next .COM, they should not buy other new domains. Perhaps consumers buy more .COM domains because XYZ has promoted Verisign as the market leader. But Verisign suffering any injury as a result of XYZ’s statements is implausible.

Some might view the old Honda in the video with the “COM” license plate as trusty and reliable, and the Audi sports car with “XYZ” as high maintenance, impracticable, and too trendy.

Verisign may or may not win the lawsuit, but it does seem to have succeeded in getting XYZ to cut the balls off of its own marketing.

Verisign has not yet filed a response to XYZ’s motion, which will be heard in court May 8.

You can download the PDF of the motion here.

.xyz helps CentralNic double its revenue

Kevin Murphy, April 28, 2015, Domain Registries

CentralNic’s revenue almost doubled in 2014, helped by the launch of new gTLDs.

The UK-based registry today reported annual operating profit of £497,000 ($759,000), down from £694,000 ($1.05 million) in 2013, on the back of revenue up 99% at £6.06 million ($9.25 million).

Billings– money taken but not yet recorded as revenue — was up a whopping 154% at £9.89 million ($15.1 million).

Part of the reason for the growth was the launch of new gTLDs last year.

CentralNic acts as the registry back-end for eight TLDs that launched last year, including runaway volume leader .xyz, which has about 880,000 domains in its zone file today.

Another big contributor was Internet.bs, the Bahamas-based registrar that CentralNic acquired for $7.5 million last year.

The registrar had about 400,000 legacy gTLD domains under management at the end of the year, according to DI’s records.

Both new gTLDs and Internet.bs started contributing to revenue in the second half of the year.

CentralNic also said that its new “enterprise” division, which sells premium domains and offers consulting and software, was a growth factor.

CEO Ben Crawford told the markets that the new gTLD opportunity has so far been “softer” than expected.

Only a small number of retailers received their accreditations from ICANN to sell domains under the new TLDs in 2014, and a lack of public awareness pending the launches of the “superbrand TLDs” such as .google, .apple and .sony, meant that the market for new TLDs in 2014 was softer than had been projected by ICANN and other industry experts. It was essentially limited to domain investors and other early adopters.

Opinion in split in the industry on how much reliance can be put on what Crawford calls “super-brands” to do the heavy lifting when it comes to public awareness of new gTLDs.

.hiv reserve set at $200,000, revenue so far $83,000

Kevin Murphy, April 24, 2015, Domain Registries

The soon-to-be-auctioned new gTLD .hiv has a reserve price of $200,000, but the registry reckons it’s worth as much as $700,000.

That’s according to auction documents provided by dotHIV Registry to DI today.

The documents also reveal that .hiv has made a profit revenue of $83,000 in its first seven months.

UPDATE: Germany-based dotHIV says now that the reference to “net income” in its prospectus was a translation error. The $83,000 refers to revenue — the top line, not the bottom line. The company intends to update its auction documents “instantly”.

Earlier today we reported that the gTLD is to go under the hammer with Innovative Auctions on June 3/4.

We reported that the gTLD had about 2,000 registrations, but it turns out that number includes about 1,700 registry-reserved names.

The actual number, as of March 31, is 410, of which 345 pay the $179 annual registry fee. Another 63 domains were given away for free to HIV charities for a three-year period.

While this generated a net income revenue of $83,000, registry CEO Carolin Silbernagl confirmed to DI that its contract with ICANN is supposed to require “all” of its profits to be donated to HIV causes.

According to the documents:

Public Interest Commitment binds the TLD to non-profit operations. All excess profit, after the deduction of all thinkable costs and investments, is to be donated to a charitable cause of the owner’s choice.

We have founded and built the .hiv TLD as a tool for positive social impact. To safeguard this vision, the voluntary PIC in the .hiv Registry Agreement binds the owner to invest all excess profit in the projects that support the fight against AIDS.

All this comes at no risk for the registry: Operational costs are covered first. No one expects you to donate if there is no surplus. Costs include the purchase price of the TLD in this auction.

The registry’s documents affirm that the key reason to buy .hiv would be to boost your public image due to “corporate social responsibility”.

The buyer would also get free marketing support from the German ad agency thjnk and free data escrow from NCC Group until July 2017, along with a bunch of software dotHIV uses to manage the TLD.

According to dotHIV, there were 14,000 pre-registrations with registrars prior to launch. Most balked at the high registration fee and did not convert into buyers.

The registry says the new owner could capitalize on some of this interest, growing volumes, by reducing its registry fee.

There are 47 registrars accredited to sell .hiv domains, including Go Daddy.

Premium names sold so far, for between $1,500 and $5,000, include: treat.hiv, test.hiv, cure.hiv, prevent.hiv, magazin.hiv, hivanswers.hiv, prävention.hiv, prep.hiv, vorsorge.hiv.

If dotHIV makes a profit from selling the gTLD, it says it will donate it to HIV charities.