Latest news of the domain name industry

Recent Posts

Rumors swirl as AlpNames suffers “days” of downtime

Kevin Murphy, March 12, 2019, Domain Registrars

The web site of controversial registrar AlpNames has been offline for “days”, and rumors have started to circulate that it might not just a technical problem.

At time of writing, alpnames.com resolves to a Cloudflare error page, warning that the AlpNames web server has an invalid SSL certificate. Cloudflare may also show an ugly, bare-bones cached version of the site.

This means that AlpNames customers are unable to log in to manage their domains, according to threads on Namepros and Reddit, and conversations I’ve had with some of those affected.

It’s said that customers are able to manage their domains by logging in directly to LogicBoxes, AlpNames’ registrar-in-a-box provider, but I’ve been unable to personally verify this.

AlpNames is believed to have almost 700,000 names under management, double the size it was last June but well below its peak, at the height of its deep-discounting period in 2017, of over three million.

It’s not known how many individual registrants are affected. The company tends to attract what one might charitably call “bulk-buyers”, so it will be substantially lower than the number of registered domains.

It’s also not entirely clear when the web site went down. It’s not been loading here for at least 12 hours, but the first reference to downtime on Namepros was on Sunday. Multiple other sources have told me today that it’s been unavailable “for a few days”.

A separate AlpNames-owned web site focused on marketing .icu domains to the Chinese market is still online.

But it seems a lot of AlpNames customers have been left hanging in uncertainty, unsure how or when they will be able to manage their domains.

I’ve been unable to reach any of AlpNames’ senior executives for comment on the situation today.

An email sent to CEO Iain Roache this morning, at the address he was using in December, bounced back with a “disabled account” error message. I have received no response to messages I sent to two other email addresses he is known to use.

I understand that fellow AlpNames exec Geir Rasmussen who, with Roache, was enthusiastically pitching grand plans for AlpNames as recently as October, is no longer with the company.

Chief operating officer Damon Barnard also left the company last October and ceased work as a director around the same time.

Records show the salesperson due to represent AlpNames at this week’s ICANN 64 meeting in Japan did not show up and is believed to have also left the company in January.

The company’s Twitter and Facebook accounts, which are not usually particularly active anyway, have not yet addressed the downtime problem.

If it is simply a case of an expired or misconfigured SSL cert, why is it taking so long to fix, and why has there been radio silence from AlpNames?

Opponents and competitors are putting the word around that there may be a more serious problem with the company, but I’ve not seen any conclusive evidence that this is the case.

It’s possible there’s some confusion between AlpNames and Famous Four Media, the now-defunct Roache/Rasmussen venture that managed the portfolio of new gTLDs owned by Domain Venture Partners, an investment vehicle set up by Roache prior to ICANN’s 2012 gTLD application round.

DVP is no longer affiliated with AlpNames and its gTLDs are managed by a new DVP-controlled entity, GRS Domains, after an investor revolt.

ICANN plays tough over Amazon dot-brands

Kevin Murphy, March 12, 2019, Domain Policy

ICANN has given Amazon and the governments of the Amazon Cooperation Treaty Organization less than a month to sort out their long-running dispute over the .amazon gTLD.

The organization’s board of directors voted on Sunday to give ACTO and the e-commerce leviathan until April 7 to get their shit together or risk not getting what they want.

But both parties are going to have to come to an agreement without ICANN’s help, with the board noting that it “does not think that any further facilitation efforts by ICANN org will be fruitful”.

Attempts by ICANN to meet with ACTO over the last several months have been agreed to and then cancelled by ACTO on at least two separate occasions.

The eight ACTO governments think the string “Amazon” more rightfully belongs to them, due to it being the English name for the rain forest region they share.

Amazon the company has promised to safeguard culturally sensitive terms in .amazon, to assist with future efforts to secure .amazonas or similar for the Amazonian peoples, and to donate services and devices to the nations concerned.

Now, the two parties are going to have to bilaterally decide whether this deal is enough, whether it should be sweetened or rejected outright.

If they can’t come to a deal by ICANN’s deadline (which could be extended if Amazon and ACTO both ask for more time), ICANN will base its decision on whether to approve .amazon based on how Amazon unilaterally proposes to address ACTO’s concerns.

While a rejection of the .amazon application is still on the table, my read is that this is a bigger win for Amazon than it is for ACTO.

Radix sees revenue up 30%

Kevin Murphy, March 12, 2019, Domain Registries

New gTLD registry Radix said today that its revenue increased by 30% in 2018, largely due to an end-of-year boost.

The company, which runs nine gTLDs including .online and .site, said that gross revenue was $16.95 million last year.

It added that net profit was up 45.6%, but the privately held company does not actually disclose the dollar value of its bottom line.

Radix said that the fourth quarter of the year, which presumably saw the benefits of Operation September Thrust, was its strongest quarter.

The company said that 27% of its revenue came from standard-price new registrations and 60% from renewals.

Its premiums brought in $1.9 million, 56% of which were premium renewals.

Donuts founder replaces Pitts as MMX’s premium guru

MMX has hired one of Donuts’ recently departed co-founders to market its premium domain name inventory, the company said today.

Dan Schindler, formerly Donuts’ executive VP, has been hired as a “special advisor”, tasked with “monetizing” premiums in the US and Europe.

He appears to be functionally replacing Victor Pitts, who was hired as director of premium sales two years ago. Pitts appears to have left the company in January.

MMX, which counts .vip, .law and .luxe among its stable of 32 gTLDs, expects to report premium sales for 2018 of around $2.3 million.

The company has also hired domain consultant Christa Taylor, founder and CEO of dottba, as its new chief marketing officer, a newly created position.

News of the appointments was released as MMX published another preliminary trading update ahead of its final 2018 financial results next month.

Here are some more nuggets from the announcement:

  • Total domain registrations so far in 2019 up 38% to 1.84 million compared to a year ago.
  • Billings up 129% year-on-year due to contributions from ICM Registry and a 40% increase in sales of .vip and .luxe domains in China.
  • ICM’s porn-themed domains are renewing at 91%.
  • Integration of .luxe into two more blockchain platforms — NameCoin and XAYA — is underway.

MMX expects to announce its full-year results April 3.

Phishing still on the decline, despite Whois privacy

Kevin Murphy, March 5, 2019, Domain Policy

The number of detected phishing attacks almost halved last year, despite the fact that new Whois privacy rules have made it cheaper for attackers to hide their identities.

There were 138,328 attacks in the fourth quarter of 2018, according to the Anti-Phishing Working Group, down from 151,014 in Q3, 233,040 in Q2, and 263,538 in Q1.

That’s a huge decline from the start of the year, which does not seem to have been slowed up by the introduction in May of the General Data Protection Regulation and ICANN’s Temp Spec, which together force the redaction of most personal data from public Whois records.

The findings could be used by privacy advocates to demonstrate that Whois redaction has not lead to an increase in cybercrime, as their opponents had predicted.

But the data may be slightly misleading.

APWG notes that it can only count the attacks it can find, and that phishers are becoming increasingly sophisticated in how they attempt to avoid detection. The group said in a press release:

There is growing concern that the decline may be due to under-detection. The detection and documentation of some phishing URLs has been complicated by phishers obfuscating phishing URLs with techniques such as Web-spider deflection schemes – and by employing multiple redirects in spam-based phishing campaigns, which take users (and automated detectors) from an email lure through multiple URLs on multiple domains before depositing the potential victim at the actual phishing site.

It also speculates that criminals once involved in phishing may have moved on to “more specialized and lucrative forms of e-crime”.

The Q4 report (pdf) also breaks down phishing attacks by TLD, though comparisons here are difficult because APWG doesn’t always release this data.

The group found .com to still have the most phishing domains — 2,098 of the 4,485 unique domains used in attacks, or about 47%. According to Verisign’s own data, .com only has 40% market share of total registered domains.

But new, 2012-round gTLDs had phishing levels below their market share — 4.95% of phishing on a 6.83% share. This is actually up compared to the 3% recorded by APWG in Q3 2017, the most recent available data I could find.

Only two of the top 20 most-abused TLDs were new gTLDs — .xyz and .online, which had just 70 attack domains between them. That’s good news for .xyz, which in its early days saw 10 times as much phishing abuse.

After .com, the most-abused TLD was .pw, the ccTLD for Palau run by Radix as an unrestricted pseudo-gTLD. It had 374 attack domains in Q4, APWG said.

Other ccTLDs with relatively high numbers included several African zones run as freebies by Freenom, as well as the United Kingdom’s .uk and Brazil’s .br.

Phishing is only one form of cybercrime, of course, and ICANN’s own data shows that when you take into account spam, new gTLDs are actually hugely over-represented.

According to ICANN’s inaugural Domain Abuse Activity Reporting report (pdf), which covers January, over half of cybercrime domains are in the new gTLDs.

That’s almost entirely due to spam. One in 10 of the threats ICANN analyzed were spam, as identified by the likes of SpamHaus and SURBL. DAAR does not include ccTLD data.

The takeaway here appears to be that spammers love new gTLDs, but phishers are far less keen.

ICANN did not break down which gTLDs were the biggest offenders, but it did say that 52% of threats found in new gTLDs were found in just 10 new gTLDs.

This reluctance to name and shame the worst offenders prompted one APWG director, former ICANN senior security technologist Dave Piscitello, to harshly criticize his former employer in a personal blog post last month.