Latest news of the domain name industry

Recent Posts

Schilling, Famous Four rubbish Spamhaus “worst TLD” league

Kevin Murphy, March 17, 2016, Domain Registries

Uniregistry and Famous Four Media have trashed claims by Spamhaus that their gTLDs are are much as 75% spam.

FFM says it is “appalled” by the “wholly inaccurate” claims, while Uniregistry boss Frank Schilling said Spamhaus has “totally jumped the shark here.”

In a statement to DI today, FFM chief legal officer Oliver Smith said the spam-fighting organization’s recently launched World’s Worst TLDs list is “reckless”, adding that the numbers are:

not only wholly inaccurate, but are misleading and, potentially, injurious to the reputation of Famous Four Media and those TLDs it manages. It is particularly worrisome that Spamhaus’s “findings” seem to have been taken as gospel within certain corners of the industry, despite not being proffered with any analytical methodology in support of the same.

The Spamhaus report, which is updated daily, presents the 10 TLDs that are more spam than not.

The rank is based on a percentage of domains seen by Spamhaus that Spamhaus considers to be “bad” — that is, are advertised in spam or carry malware.

Today, Uniregistry’s .diet tops the chart with “74.4% bad domains”, but the scores and ranks can and do shift significantly day by day.

Spamhaus describes its methodology like this:

This list shows the ratio of domains seen by the systems at Spamhaus versus the domains our systems profile as spamming or being used for botnet or malware abuse. This is also not a list that retains a long history, it is a one-month “snapshot” of our current view.

The words “seen by the systems at Spamhaus” are important. If a domain name never crosses Spamhaus’s systems, it isn’t counted as good or bad. The organization is not running the whole zone file against its block-list to check what the empirical numbers are.

In important ways, the Spamhaus report is similar to the discredited Blue Coat report into “shady” TLDs last September, which was challenged by myself and others.

However, in a blog post, Spamhaus said it believes its numbers are reflective of the TLDs as a whole:

In the last 18-years, Spamhaus has built its data gathering systems to have a view of most of the world’s domain traffic. We feel the numbers shown on this list are representative of the actual full totals.

I disagree.

In the case of .diet, for example, if 74% of the full 19,000-domain zone was being used in spam, that would equate to 14,000 “bad” domains.

But the .diet zone is dominated by domains owned by North Sound Names, the Frank Schilling vehicle through which Uniregistry markets its premium names.

NSN snapped up well over 13,000 .diet names at launch, and Schilling said today that NSN owns north of 70% of the .diet zone.

That would mean either Uniregistry is a spammer, or Spamhaus has no visibility into the NSN portfolio and its numbers are way the hell off.

“Spamhaus’ assertion that 74% of the registrations in the .diet space are spam is a numerical impossibility,” Schilling said. “They totally jumped the shark here.”

NSN’s domains don’t send mail, he said.

He added that diet-related products are quite likely to appear in spam, which may help account for Spamhaus’s systems identifying .diet emails as spam. He said:

Spamhaus is a high-minded organization and we applaud their efforts but this report is so factually inaccurate it casts into doubt the validity of everything they release. Spamhaus should be smarter than this and at a minimum consult with registries (our door is open) to gain a better understanding of the subject matter they wrongly profess to be expert in.

Similarly, FFM’s .review gTLD was briefly ranked last week as the “worst” gTLD at 75.1% badness. With 66,000 domains, that would mean almost 50,000 names are spammy.

Yet it appears that roughly 25,000 .review domains are long-tail geo names related to the hotels industry, registered by a Gibraltar company called A Domains Limited, which appears to be run by AlpNames, the registry with close ties to FFM itself.

Again, if Spamhaus’s numbers are accurate, that implies the registrar and/or registry are spamming links to content-free placeholder web sites.

FFM’s Smith says the registry has been using Spamhaus data as part of its internal Registry Abuse Monitoring tool, and that its own findings show significantly less spam. Referring to .review’s 75% score, he said:

This simply does not accord with FFM’s own research, which relies heavily on data made available by Spamhaus. The reality is that, in reviewing registration data for the period 8 February to 8 March 2016, only 4.8% of registered domains have been blacklisted by Spamhaus – further, it is questionable as whether every single such listing is wholly merited. When reviewing equivalent data for the period of 1 January to 8 March 2016 across ALL FFM managed TLDs this rate averages out to a mere 3.2%.

I actually conducted my own research into the claims.

Between March 8 and March 15, I ran the whole .review zone file through the Spamhaus DBL and found 6.9% of the names were flagged as spam.

My methodology did not take account of the fact that Spamhaus retires domains from its DBL after they stop appearing in spam, so it doesn’t present a perfect apples-to-apples comparison with Spamhaus, which bases its scoring on 30 days of data.

All told, it seems Spamhaus is painting a much bleaker picture of the amount of abuse in new gTLDs than is perhaps warranted.

During ICANN meetings last week and in recent blog comments, current and former executives of rival registries seemed happy to characterize new gTLD spam as a Famous Four problem rather than an industry problem.

That, despite the fact that Uniregistry, Minds + Machines and GMO also feature prominently on Spamhaus’s list.

I would say it’s more of a low prices problem.

It’s certainly true that FFM and AlpNames are attracting spammers by selling domains for $0.25 wholesale or free at retail, and that their reputations will suffer as a result.

We saw it with Afilias and .info in the early part of the last decade, we’ve see it with .tk this decade, and we’re seeing it again now.

.mobile will be restricted after Donuts loses auction to Dish DBS

Kevin Murphy, March 15, 2016, Domain Registries

The contention set for the new gTLD .mobile has been resolved, seemingly by private auction, with Dish DBS emerging victorious.

The portfolio registry withdrew its application at the weekend, leaving the satellite TV provider the only remaining applicant.

This means that .mobile will be a restricted gTLD, available only to vetted members of the mobile telephony industry.

Dish had originally proposed .mobile as a so-called “closed generic”, in which it would be the registry and only registrant, but changed its application last year.

It’s a similar story to .phone, which Dish also won.

Dish applied for 13 gTLDs. It withdrew two applications, and 10 others are either in pre-delegation testing or ICANN contracting.

ICANN ups new gTLD revenue forecast

ICANN has increased its new gTLD revenue projections for fiscal 2016.

The organization released its draft FY17 budget over the weekend, showing that it expects its revenue from new gTLDs for the 12 months ending June 30, 2016, to come in at $27.3 million.

That’s a 13% increase — an extra $3.1 million — on what it expected when it adopted its FY16 budget last June.

The anticipated extra money comes from registry and registrar transaction fees, spurred no doubt by the crazy speculation in the Chinese market right now.

Registry transaction fees are now expected to be $2.8 million (up from the earlier prediction of $2 million) and $3 million (up from $2.3 million).

The bulk of the new gTLD revenue — $21.5 million — still comes from fixed registry fees, which do not vary with transaction volume.

For fiscal 2017, which starts July 1 this year, ICANN is predicting new gTLD revenue of $41.5 million, a 52% annual growth rate.

The adopted FY16 budget is here. The new proposed FY17 budget is here. Both are PDF files.

The FY17 proposals are open for public comment.

Amazon files appeal on rejected .amazon domain

Kevin Murphy, March 3, 2016, Domain Policy

Amazon has appealed the rejection of its proposed .amazon new gTLD.

The company this week told ICANN that it has invoked the Independent Review Process, after 18 months of informal negotiations proved fruitless.

Amazon’s .amazon application was controversially rejected by ICANN in May 2014, due to advice from the Governmental Advisory Committee.

The GAC, by a consensus, had told ICANN that .amazon should be rejected.

South American nations that share the Amazonia region of the continent had said the string was “geographic” and should therefore be unavailable to the US-based company.

The word “Amazon” is not protected by ICANN’s geographic string rules, because “Amazon” is not the name of a region, and was only rejected due to governmental interference.

The GAC’s decision came only after the US, which had been preventing consensus in order to protect one of its biggest native internet companies, decided to step aside.

Amazon has been in ICANN’s Cooperative Engagement Process — an informal set of talks designed to avoid the need for too many lawyers — since July 2014.

Those talks have now ended and Amazon has told ICANN that an IRP is incoming, according to ICANN documentation published on Tuesday (pdf).

The IRP documents themselves have not yet been published by ICANN.

UPDATE: This article originally incorrectly stated that the US withdrew its objection to the GAC consensus on .amazon after the IANA transition was announced. In fact, it did so several months prior to that announcement.

Amazon plotting registrar workaround?

Amazon has given an early hint at how it may manage its new gTLD registries.

The company seems to be planning to make its own web site the place to go to for its new gTLD domains, relegating registrars to secondary players in the sales path.

It also seems to be planning to up-sell registrants with services, possibly including hosting, before they even get to the registrar’s storefront.

Amazon has filed a Registry Services Evaluation Process request with ICANN, relating to its gTLD .moi (French for “.me”) covering a “Registration Authentication Platform”.

.moi isn’t a brand, but Amazon says it plans to verify registrant “eligibility” before allowing a registration to take place.

To date, it has not revealed what the eligibility requirements for .moi are.

Its RSEP filing says that it intends to offer registrants a suite of optional add-on “technology tools or applications” at the point of verification.

Crucially, that’s before they get bounced to their registrar of choice to actually register the name.

Amazon is basically putting its up-sell pitch into the sales path before registrars get to do the same.

The RSEP explains it like this:

After the customer selects the Technology Tools of interest and/or ancillary products or services (if any), the customer will select its registrar of choice from among the complete list of .MOI-accredited registrars and be directed to that registrar’s site to permit that registrar to collect the required registrant information for the domain name registration, and to submit payment for the selected .MOI domain name. Upon completion of these steps, the registrar, through the normal EPP processes, shall transmit the required registration information to the Registry and the .MOI domain name shall be registered. A customer that first visits a .MOI-accredited registrar’s website will be directed to the Registry’s .MOI website to undergo the process noted above. After pre-registration policy verification, those customers will be transitioned back to the originating registrar’s site.

The RSEP does not explain what the “technology tools” are, but I’d be very surprised if they did not include for example web hosting, a staple higher-margin registrar product.

It’s not entirely clear what, if any, consultations Amazon has had with registrars regarding its proposals. The RSEP language is evasive:

Amazon Registry reached out to several registrars to have general discussions about their experience with pre-registration policy verification and how that experience (including customer experience) could be improved. Any consultations that may have occurred regarding the Technology Tools and the ancillary products and services would have occurred subject to a Mutual Non-Disclosure Agreement and cannot be disclosed.

Currently, the RSEP only covers .moi. Amazon would have to file additional RSEPs if it wanted the new service applied to its 32-TLD-strong portfolio, which includes the likes of .book, .song and .tunes.

ICANN has already made a preliminary determination that the RSEP “does not raise significant competition, security or stability issues”.

As usual, there’s a public comment period, which ends April 14.