Latest news of the domain name industry

Recent Posts

With 86 days to go, the cost of new gTLDs is still unknown

Kevin Murphy, October 18, 2011, Domain Policy

If you’re planning to apply for a new generic top-level domain or two, wouldn’t it be nice to know how much it’s going to cost you?

It’s less than three months before ICANN opens the floodgates to new gTLD applicants, but you’re probably not going to find out how big your bank account needs to be until the last minute.

With 86 days on the clock until the application window opens, and 177 until it closes, there are still at least two huge pricing policies that have yet to be finalized by ICANN.

The first relates to reduced application fees and/or financial support handouts for worthy applicants from developing nations. I’ll get to that in a separate piece before Dakar.

The second is the controversial Continued Operations Instrument, a cash reserve designed to ensure that new gTLDs continue to operate even if the registry manager goes out of business.

In the current Applicant Guidebook, prospective registries are told to prove that they have enough money – either with a letter of credit or in a cash escrow – to keep their gTLD alive for three years.

To be clear, the COI money doesn’t go into ICANN’s coffers; applicants just need to show that the cash exists, somewhere.

The funds would be used to pay the Emergency Back-End Registry Operator (whichever company that turns out to be) in the event of a catastrophic gTLD business failure.

With hundreds of new gTLDs predicted, many of them likely to be laughably naive, we’re likely to see plenty of such failures.

With that in mind, ICANN wants to make sure that registrants and end users are not impacted by too much downtime if they put their faith in incompetent or unlucky registries.

It is estimated that the COI will amount to a six-figure sum for almost all commercial registries. For generics with a higher projected registration volume it could easily run into the millions.

It’s controversial for a number of reasons.

First, it raises the financial bar to applying considerably.

Forget the $185,000 application fee. Under the COI provision, applicants need to be flush enough to be able to leave millions of dollars dormant in escrow for at least five years.

It’s been sensibly argued that this money would be better devoted to making sure the registry doesn’t fail in the first place.

Second, even though the Guidebook gives .brand applicants the ability to shut down their gTLDs without the risk of another provider taking them over, it also expects them to create a COI.

This appears to be an unnecessary waste of cash. If a single-registrant .brand gTLD fails, the registry itself is the only registrant affected and the COI is essentially redundant.

Third, some applicants are thinking about low-balling their business model projections in order to keep their COI to a manageable amount.

This, as the better new gTLD consultants will tell you, could be a bad idea. When applications are reviewed the evaluators will be looking for discrepancies like this.

If you’re making one set of financial projections to investors and another to ICANN, you risk losing points on and possibly failing the evaluation.

Anyway, with all this in mind (and with apologies for burying the lead) ICANN has just said that it’s thinking about completely revamping the COI policy before applications are accepted.

Seriously.

ICANN’s Registry Stakeholder Group community has made a proposal – which appears to be utterly sensible on the face of it – that would reduce costs by pooling the risk among successful applicants.

The RySG said it that the COI “should not be so burdensome as to actually become a roadblock to the success of new registries by causing capital to be tied up unduly.”

Rather than putting up enough cash to cover its own failure, each successful applicant would pay $50,000 up-front into a Continued Operations Fund that would cover all potential registry failures.

The COF would be administered by ICANN (or possibly a third party), and would be capped at $20 million. In a round of 400 new gTLDs, that target would be reached immediately.

If the COF fell short of $20 million, each registry would have to pay $0.05 per domain name per year into the fund until the cap was reached.

It’s a shared-risk insurance model, essentially.

While ICANN’s COI policy is ultra-cautious, implicitly assuming that ALL new gTLDs could simultaneously fail, the COF proposal assumes that only a small subset will.

Reverse-engineering the RySG’s numbers, the COF appears to cover the risk of failure for registries representing some 10 million domain-years.

ICANN has opened up the proposal to public comments until December 2.

This means we’re unlikely to see any concrete action to approve or reject the COF alternative until, at the earliest, about a month before the first round application window opens.

ICANN likes cutting things fine, doesn’t it?

Registrars not happy with VeriSign abuse plans

Kevin Murphy, October 12, 2011, Domain Registrars

VeriSign has been talking quietly to domain name registrars about its newly revealed anti-abuse policies for several months, but some are still not happy about its plans for .com malware scans.

The company yesterday revealed a two-pronged attack on domain name abuse, designed to counteract a perception that .com is not as secure a space as it should be.

One prong, dealing with law enforcement requests to seize domains, I covered yesterday. It’s already received criticism from the Electronic Frontier Foundation and American Civil Liberties Union.

The other is an attempt to introduce automatic malware scanning into the .com, .net and .name spaces, rather like ICM Registry has said it will do with all .xxx domains.

Unlike the daily ICM/McAfee service, VeriSign’s free scans will be quarterly, but the company intends to also offer a paid-for upgrade that would search domains for malware more frequently.

On the face of it, it doesn’t seem like a bad idea.

But some registrars are worried about the fading line between registrars, which today “own” the customer relationship, and the registries, which for the most part are hidden away in the cloud.

Go Daddy director of network abuse Ben Butler, asked about both of yesterday’s VeriSign proposals, said in a statement that they have “some merit”, but sounded several notes of caution:

This is going to make all registrars responsible for remediation efforts and negative customer-service clean up. The registrar at this point becomes the “middle man,” dealing with customers whose livelihood is being negatively impacted. As mentioned in their report, the majority of sites infected with malware were not created by the “bad guys.”

While there is an appeal process mentioned, it could take some time to get issues resolved, potentially leaving a customer’s website down for an extended period.

This could also create a dangerous situation, allowing registries to gain further control over registrars’ operations – as registrars have the relationship with the registrant, the registrar should be responsible for enforcing policies and facilitating remediation.

It has also emerged that VeriSign unilaterally introduced the malware scanning service as a mandatory feature of .cc and .tv domains – which are not regulated by ICANN – earlier this year.

The changes appear to have been introduced without fanfare, but are clearly reflected in today’s .tv registration policies, which are likely to form the basis of the .com policies.

Some registrars weren’t happy about that either.

Six European registrars wrote to VeriSign last month to complain that they were “extremely displeased” with the way the scanning service was introduced. They told VeriSign:

These changes mark the beginning of a substantive shift in the roles of registries regarding the monitoring and controlling of content and may lead to an increase of responsibility and liability of registries and registrars for content hosted elsewhere. As domain name registrars, we hold the position that the responsibilities for hosted content and the registration of a domain name are substantially different, and this view has been upheld in European court decisions numerous times. In this case, Verisign is assuming an up-front responsibility that surpasses even the responsibilities of a web hoster, and therefore opens the door to added responsibilities and legal liability for any form of abuse.

In the end, the registrar community will have to face the registrant backlash and criticism, waste countless hours of support time to explain this policy to the registrants and again every time they notice downtimes or loss of performance. These changes are entirely for the benefit of Verisign, but the costs are delegated to the registrants, the registrars and the hosting service providers.

The registrars were concerned that scanning could cause hosting performance hits, but VeriSign says the quarterly scan uses a virtual browser and is roughly equivalent to a single user visit.

They were also worried that the scans, which would presumably ignore robots.txt prohibitions on spidering, would be “intrusive” enough to potentially violate European Union data privacy laws.

VeriSign now plans to give all registrars an opt-out, which could enable them to avoid this problem.

It looks like VeriSign’s plans to amend the Registry-Registrar Agreement are heading for ICANN-overseen talks, so registrars may just be digging into a negotiating position, of course.

But it’s clear that there is some unease in the industry about the blurring of the lines between registries and registrars, which is only likely to increase as new gTLDs are introduced.

In the era of new gTLDs, and the liberalization of ICANN’s vertical integration prohibitions, we’re likely to see more registries having hands-on relationships with customers.

ANA finds SEO more effective than Facebook

Kevin Murphy, October 10, 2011, Domain Tech

Advertisers are “beginning to question the effectiveness” of social media marketing, but they’re still mostly sold on the benefits of search engine optimization.

That’s according to a new study from the Association of National Advertisers, the results of which have just been published.

The ANA’s survey of 92 marketers gave SEO an “effectiveness rating” of 52%, the highest rating given to any of the six categories respondents were asked to comment on.

However, that represented a decline of three percentage points from a similar survey in 2009.

Social networking sites (presumably including Facebook, although names were not named) received an effectiveness rating of 28%, up from 17% two years ago, ANA reported.

SEO and social sites were used in marketing by 88% and 89% of respondents respectively.

ANA president Bob Liodice said in a press release:

While marketers have substantially increased their use of newer media platforms over the past few years, they are beginning to question the effectiveness of some of these vehicles. The ANA survey indicates a strong willingness by marketers to integrate innovative new approaches into their marketing mix; however, this enthusiasm is tempered by concerns regarding the return-on-investment of these emerging options.

While it’s all speculation at this point, SEO improvements are often pointed to as a potential (and I stress: potential) benefit of new dot-brand or category-killer top-level domains.

The ANA is the current opponent-in-chief of ICANN’s new gTLD program.

Corsica seeks new gTLD registry operator

Kevin Murphy, October 10, 2011, Domain Registries

The local government of the French island of Corsica is looking for contractors to apply for and manage a .corsica top-level domain.

The Executive Council of the Collectivité Territoriale de Corse issued an RFP in late September. The deadline for responses is October 17, a week from now.

The desired string appears to be the Anglicized .corsica, rather than the French .corse.

Corsica, situated in the Mediterranean, is one of France’s 22 official regions. According to Wikipedia, it has slightly more political power than its mainland counterparts.

Under ICANN’s new gTLD application rules, geographical strings need the approval of the relevant local government before they can be accepted.

I expect any .corsica application would need a letter of support or non-objection from the French national government as well as the Corsican executive, before it is approved.

(via Jean Guillon)

ICANN hunts for anti-cybersquatting database provider

Kevin Murphy, October 10, 2011, Domain Policy

ICANN is in the process of looking for an operator for the Trademark Clearinghouse that will play a crucial brand protection role in new top-level domains.

An RFI published last week says that ICANN is looking for an exclusive contractor, but that it may consider splitting the deal between two companies — one to provide trademark validation services and the other to manage the database.

The TMCH is basically a big database of validated trademarks that registrars/registries will have to integrate with. It will be an integral part of any new gTLD launch.

Registries are obliged by ICANN rules to hold a sunrise period and a Trademark Claims service when they go live, both of which leverage the clearinghouse’s services.

Rather than having to submit proof of trademark rights to each gTLD operator, brand owners will only have to be validated by the TMCH in order to be pre-validated by all gTLDs.

I estimate that the contract is worth a few million dollars a year, minimum.

If the ongoing .xxx sunrise period is any guide, we might be looking at a database of some 30,000 to 40,000 trademark registrations in the first year of the TMCH.

One potential TMCH provider currently charges $100 for the initial first-year validation and a recurring $70 for re-validation in subsequent years.

ICANN has not ruled out the successful TMCH provider selling add-on services too.

But the organization also seems to be at pains to ensure that the clearinghouse is not seen as another gouge on the trademark industry.

The RFI contains questions such as: “How can it be assured that you will not maximize your registrations at the expense of security, quality, and technical and operational excellence?”

The two providers that immediately spring to mind as RFI respondents are IProta and the Clearinghouse for Intellectual Property (CHIP).

Belgium-based CHIP arguably has the most institutional experience. It’s handled sunrise periods for Somalia’s .so, the .asia IDN sunrise, a few pseudo-gTLD initiatives from the likes of CentralNIC (de.com, us.org, etc), and is signed up to do the same for .sx.

Its chief architect, Bart Lieben of the law firm Crowell & Moring, is also well-known in the industry for his work on several sunrise period policies.

IProta is a newer company, founded in London this year by Jonathan Robinson, an industry veteran best known for co-founding corporate domain registrar Group NBT.

The company is currently managing the .xxx sunrise period, which is believed to be the highest-volume launch since .eu in late 2005.

“IPRota is very well positioned on the basis of our recent and past experience so I think we almost certainly will go ahead and respond,” Robinson confirmed to DI.

Domain name registries and registrars could conceivably also apply, based on their experience handling high-volume transactional databases and their familiarity with the EPP protocol.

ICANN sees the potential for conflicts of interest — its RFI anticipates that any already-contracted party applying to run the TMCH will have to impose a Chinese wall to reduce that risk.

The RFI is open for responses until November 25. ICANN intends to name its selected provider February 14, a month after it starts accepting new gTLD applications.

This is another reason, in my view, why submitting an application in January may not be the smartest move in the world.