Latest news of the domain name industry

Recent Posts

Foot-dragging Amazon has bumper crop of new gTLDs

Kevin Murphy, December 7, 2015, Domain Registries

Amazon Registry Services took possession of 17 new gTLDs at the weekend.

The would-be portfolio registry had .author, .book, .bot, .buy, .call, .circle, .fast, .got, .jot, .joy, .like, .pin, .read, .room, .safe, .smile and .zero delegated to the DNS root zone.

Amazon seems to have waited until the last possible moment to have the strings delegated.

It signed its registry agreements — which state the TLDs must be delegated with a year — in mid-December 2014.

Don’t plan on being able to register domains in any of these gTLDs. You may be disappointed.

All of the strings were originally applied for as what became known as “closed generics”, in which Amazon would have been the only permitted registrant.

It recanted this proposed policy in early 2014, formally amending its applications to avoid the Governmental Advisory Committee’s anti-closed-generic advice.

Its registry contracts do not have the standard dot-brand carve-outs.

However, the latest versions of its applications strongly suggest that registrant eligibility is going to be pretty tightly controlled.

The applications state: “The mission of the <.TLD> registry is: To provide a unique and dedicated platform while simultaneously protecting the integrity of Amazon’s brand and reputation.”

They go on to say:

Amazon intends to initially provision a relatively small number of domains in the .CIRCLE registry to support the goals of the TLD… Applications from eligible requestors for domains in the .CIRCLE registry will be considered by Amazon’s Intellectual Property group on a first come first served basis and allocated in line with the goals of the TLD.

They state “domains in our registry will be registered by Amazon and eligible trusted third parties”.

Amazon has not yet published its TLD start-up information, which may provide more clarity on how the company intends to handle these strings.

I suspect we’ll be looking at a policy that amounts to a workaround of the closed-generic ban.

The registry seems to be planning to run its registry from AmazonRegistry.com.

Schilling: registries could wind-down unprofitable gTLDs

Kevin Murphy, December 4, 2015, Domain Registries

New gTLD portfolio registries may one day decide to wind down some of their gTLDs if they fail to reach profitability.

That’s according to Uniregistry CEO Frank Schilling, who told DI today that registries may “sunset” under-performing TLDs.

His comments came in response to our post earlier today about registries going out of business involuntarily due to lack of sales.

But he’s referring to registries managing large numbers of strings, winding down the unprofitable ones in a controlled manner.

“I can’t see Uniregistry doing that today, but if in round two we get 100 strings that all kill it and we have some round one stuff that sucks, yes,” he said in an email. “I would consider raising prices to get the string profitable or sunset the string.”

“That said,” he added, “that’s 5-8 years out [and] by then even the slowest should be profitable.”

ICANN security advisor predicts “hundreds” of new gTLDs will “go dark”

Kevin Murphy, December 4, 2015, Domain Registries

A security company led by a member of ICANN’s top security committee reckons that “hundreds” of new gTLDs are set to fail, leading to web sites “going dark”.

Internet Identity, which provides threat data services, made the prediction in a press release this week.

IID’s CTO, quoted in the release, is Rod Rasmussen. He’s a leading member of the Anti-Phishing Working Group, as well as a member of ICANN’s influential Security and Stability Advisory Committee.

He has a dim view of new gTLDs:

Most new gTLDs have failed to take off and many have already been riddled with so many fraudulent and junk registrations that they are being blocked wholesale. This will eventually cause ripple effects on the entire domain registration ecosystem, including consolidation and mass consumer confusion as unprofitable TLDs are dropped by their sponsoring registries.

The press release acknowledges that ICANN has an Emergency Back-End Registry Operator (EBERO) program, which will keep failing gTLDs alive for up to three years after the original registry operator goes out of business.

But it continues:

questions abound as to who would risk an investment in poorly performing TLDs, especially as they start to number in the hundreds. “That’s why eventually some are going to just plain go dark,” added Rasmussen.

The prediction is for “2017 and beyond”. Given the existence of the EBERO, we’re probably looking at 2020 before IID’s claim can be tested.

It’s a bit of a strange prediction to come out of a security company.

The whole point of EBERO is to make sure domain names do not go dark, giving either the registry the chance to sell on the gTLD or the registrants a three-year heads-up that they need to migrate to a different TLD.

It would be a bit like being told that there’s a horrible bit of malware that is set to brick your computer, but that you’ll be fine if you change your anti-virus provider in the next three years.

I could live with that kind of security threat, personally.

But what are the chances of hundreds of live, non-dot-brand going fully post-EBERO dead in the next few years?

I’d say evidence to date shows the risk may be over-stated. It may happen to a small number of TLDs, but to “hundreds”?

We’ve already seen new gTLD registries essentially fail, and they’ve been taken over by others even when they’re by definition not profitable.

Notably, .hiv — which has a contractual agreement with ICANN to not turn a profit — failed and was nevertheless acquired by Uniregistry.

We also see registries including Afilias and Donuts actively searching for failing gTLDs to acquire.

It’s official: new gTLDs didn’t kill anyone

Kevin Murphy, December 2, 2015, Domain Tech

The introduction of new gTLDs posed no risk to human life.

That’s the conclusion of JAS Advisors, the consulting company that has been working with ICANN on the issue of DNS name collisions.

It is final report “Mitigating the Risk of DNS Namespace Collisions”, published last night, JAS described the response to the “controlled interruption” mechanism it designed as “annoyed but understanding and generally positive”.

New text added since the July first draft says: “ICANN has received fewer than 30 reports of disruptive collisions since the first delegation in October of 2013. None of these reports have reached the threshold of presenting a danger to human life.”

That’s a reference to Verisign’s June 2013 claim that name collisions could disrupt “life-supporting” systems such as those used by emergency response services.

Names collisions, you will recall, are scenarios in which a newly delegated TLD matches a string that it is already used widely on internal networks.

Such scenarios could (and have) led to problems such as system failure and DNS queries leaking on to the internet.

The applied-for gTLDs .corp and .home have been effectively banned, due to the vast numbers of organizations already using them.

All other gTLDs were obliged, following JAS recommendations, to redirect all non-existent domains to 127.0.53.53, an IP address chosen to put network administrators in mind of port 53, which is used by the DNS protocol.

As we reported a little over a year ago, many administrators responded swearily to some of the first collisions.

JAS says in its final report:

Over the past year, JAS has monitored technical support/discussion fora in search of posts related to controlled interruption and DNS namespace collisions. As expected, controlled interruption caused some instances of limited operational issues as collision circumstances were encountered with new gTLD delegations. While some system administrators expressed frustration at the difficulties, overall it appears that controlled interruption in many cases is having the hoped-for outcome. Additionally, in private communication with a number of firms impacted by controlled interruption, JAS would characterize the overall response as “annoyed but understanding and generally positive” – some even expressed appreciation as issues unknown to them were brought to their attention.

There are a number of other substantial additions to the report, largely focusing on types of use cases JAS believes are responsible for most name collision traffic.

Oftentimes, such as the random 10-character domains Google’s Chrome browser uses for configuration purposes, the collision has no ill effect. In other cases, the local system administrators were forced to remedy their software to avoid the collision.

The report also reveals that the domain name corp.com, which is owned by long-time ICANN volunteer Mikey O’Connor, receives a “staggering” 30 DNS queries every second.

That works out to almost a billion (946,728,000) queries per year, coming when a misconfigured system or inexperienced user attempts to visit a .corp domain name.

Verisign v XYZ judge confirms both companies suck

Kevin Murphy, November 21, 2015, Domain Registries

Verisign and XYZ.com have both come out of a US lawsuit looking like scumbags.

Explaining his dismissal of Verisign’s false advertising lawsuit against .xyz registry XYZ.com, Virginia judge Claude Hilton today said that XYZ.com’s statements about its registration numbers were “verifiably true”.

At the same time, he confirmed that they came about as a result of a bullshit deal with Network Solutions to bolster .xyz’s launch numbers.

The judge’s ruling confirms for the first time the financial details of the deal between XYZ and Web.com (Network Solutions) that saw .xyz’s registration volume rocket in its first few weeks of general availability. He wrote:

Web.com purchased 375,000 domain names for a price of $8 each totaling $3 million dollars. In exchange, XYZ purchased advertising from Web.com in the form of 1,000 impressions for $10 each, at a total cost of $3 million dollars. Instead of cash exchanging hands, advertising credit was given to XYZ and the .xyz domain names were given to Web.com, who subsequently gave them away as free trials to their subscribers.

In other words, XYZ bought $10,000 of advertising for $3 million and paid for it with $3 million of free .xyz domains — 375,000 of them.

That bogus deal enabled XYZ to report big reg volume numbers without actually, legally, lying,

“The statements regarding Defendants’ revenue and number of registrations are statements of fact that are verifiably true,” the judge wrote.

When the Defendants [XYZ.com] stated they were a market leader in new TLD’s and that they had the most new registrations than any other TLD, they were basing that information off of an accurate zone file. Further, the zone file confirms that there are over 120 million .com registrations and one {1) million .xyz registrations. These statements are also true.

The judge said he was dismissing the suit not just because XYZ wasn’t lying, but also because Verisign couldn’t show that it had been harmed.

The number of .com registrations has actually been going up, he noted.

Much of Verisign’s complaint centered on this ad:

Verisign said the ad lied about the availability of .com domains, which XYZ denied.

The judge said:

The video posted to YouTube is puffery and opinion. It displays no actual domain names, and communicates a subjective measure of value and superiority, not capable of being proven false.

“Puffery” is a term with legal weight in false advertising cases under US law. It basically means that advertisers are allowed to exaggerate. XYZ had in fact used the “puffery” defense.

The judge seems to have relied heavily on zone file analysis to reach his conclusions. He wrote.

according to Plaintiff’s [Verisign’s] own data, .com names are largely unavailable. In a given month, Plaintiff reports that it receives about two (2) billion requests to register <.com> domain names, yet fewer than three (3) million are actually registered.

I believe that “two billion” number refers to how many “attempted adds” Verisign gets every month for .com domains, as reported in its monthly reports with ICANN.

That number would include every automated attempt to register a dropping domain by every registrar.

It’s not a reflection of how many actual human beings attempt and fail to register .com domains and, in my view, it’s worrying that the judge took it to mean that.

In summary, the lawsuit managed to unearth the dirty reality behind XYZ’s launch “success”, whilst also making Verisign look like a petty, petulant, child.

Everybody loses.

Except the lawyers, obviously, who have been paid millions.