Latest news of the domain name industry

Recent Posts

Drop auctions not a slam-dunk, says Nominet

Nominet has responded to criticism of its plans to introduce registry-level .uk drop auctions by saying it’s not about money-grabbing and is not guaranteed to even happen.

Registry MD Eleanor Bradley today blogged:

In some quarters the commentary suggests the driver for change is financial, or to make life more difficult for some business models. It is not.

As commercial gain was not our objective, we have suggested that any additional funds raised by changing the policy would be directed towards public benefit activity or used to provide specific services to registrars. Indeed, how to best spend additional funds that result from any policy change is part of the consultation.

The consultation referred to here was launched earlier this month. It suggests replacing the current drop-catching system, in which Nominet suspects some members “collude” to pool their EPP connections, with one of two new processes.

One would be a straightforward auction of desirable dropping names. The other would be to charge drop-catchers up to £6,000 a year for extra concurrent registry connections.

Bradley wrote that “the assumption in some quarters that an auction approach is our preferred option — a fait accompli –- are wide of the mark”.

As I’m one of the people who reported that auctions were Nominet’s “apparently preferred” option, I’ll note that my take was based on the company’s own consultation document, which scores auctions more highly than the alternative on a five-point scale of its own devising.

And a preferred option is not the same as a fait accompli, of course.

The consultation is open for a couple more weeks. A group of disgruntled members plan to petition the board to retain the status quo at its AGM in September.

Nominet members revolt over “deepest pockets wins” auction plans

A group of Nominet members and registrars have launched a petition to prevent Nominet from introducing registry-level auctions for dropping .uk domain names.

The petition, organized by Netistrar, reads: “We the undersigned members request that Nominet maintains equal registrar access to expired domain names on a first come first served basis.”

Nominet recently launched a policy consultation that lays out plans to essentially kill off the existing system of drop-catching expired domains and replace it with either registry auctions or a pay-to-play model asking fees of up to £6,000 a year.

The petition says that “these proposals technically and financially restrict a registrars ability to access expired domains”, noting that other ccTLDs “manage an expiry process without an expensive and centralized auction system.”

So far, 70 registrars and individuals (out of the about 3,000 Nominet members) have signed the petition, but they account for more than 400,000 .uk domains.

The petition will be presented at Nominet’s annual general meeting in September. The current policy consultation ends August 14.

Nominet wants to kill off the .uk drop-catching market

Nominet has revealed a sweeping set of policy proposals that would totally revamp how expired domains are deleted and could essentially kill off drop-catching in the .uk domains market.

The company is thinking about auctioning off expired domains at the registry level, or charging drop-catchers up to £6,000 ($7,500) a year to carry on more or less as normal.

Currently, expired .uk domains are deleted at an undisclosed time each day, leading drop-catch registrars to spam the registry back-end with availability checks on the best names.

Upon finding a desired domain has dropped, they then attempt to register it immediately by spamming EPP create commands.

About 0.7% of the domains deleted each year, about 12,000 of the 1.76 million names dropped in 2018, are re-registered within a second of release, Nominet says.

The system as it stands bothers the registry due to the technical load it creates and the fact that it means the most desirable names are snapped up by small number of domainers for resale.

It also does not like the fact the current system encourages collusion between Nominet members and the creation of dummy memberships by drop-catchers.

So it’s proposing two main options for rejiggering the economics.

The first and apparently preferred solution would be for Nominet to auction off the names, rather than deleting them. It would look a lot like auctions often seen in newly launching TLDs.

The second option is to charge drop-catchers extra fees for a greater number of simultaneous EPP connections.

Currently, each registrar gets six. Under the proposal, called “Economically controlled access to expiring domains”, they’d be able to buy additional batches of six for £600 a pop, up to a maximum of 10 batches or £6,000.

Regardless of which option is chosen, Nominet also wants to make drop times more predictable, by publishing a daily drop-list available to all.

Nominet knows there’s a pretty good chance it’s going to be accused of profiteering, and says in the paper:

If either of the options proposed are implemented, we envisage that any profits derived from the auction or economically controlled access models will be directed towards public benefit activity and/or ringfenced to provide specific services to registrars e.g. a training fund. However, we are also seeking ideas on how any profits would be best spent to benefit the .UK namespace in this consultation.

The consultation can be found here. Interested parties have until August 14 to submit comments.

Namecheap and others banning coronavirus domains

Kevin Murphy, March 26, 2020, Domain Registrars

Anyone wanting to buy a coronavirus-related domain for scamming purposes won’t be able to do it via Namecheap, which has preemptively banned keyword domains on its storefront.

For the last several days, the registrar has rejiggered its web site to prevent customers adding domains containing certain keywords — such as “coronavirus” or “covid” or “vaccine” — to their shopping carts.

The company said today that customers wishing to register such domains for legitimate purposes can continue to do so by calling up Namecheap customer service and having the name registered manually.

CEO Richard Kirkendall said in an email to customers that Namecheap is also “actively working with authorities to both proactively prevent, and take down, any fraudulent or abusive domains or websites related to COVID19”.

A GoDaddy spokesperson told DI this week that it has also taken down domains when alerted to their usage as coronavirus scams.

Meanwhile, .uk registry Nominet said that it has added keywords such as “coronavirus” and “covid” to its Domain Watch initiative, the same semi-automated system it uses to flag and suspend phishing and “rape” domains preemptively at point of registration. Nominet said:

Those that look suspicious — based on our algorithm and then a manual check — are suspended until we see evidence of good intentions from the registrants.

So far, we have suspended over 180 domains while we conduct this extra due diligence. A small proportion responded to our satisfaction and had their domain names reactivated. It’s highly likely that those who did not respond were intending to use their domains to manipulate a public in need of information.

Another domain company taking action is aftermarket site Dan.com, which today said on Twitter that it will remove all coronavirus related domains from its marketplace.

Namecheap is also offering some customers payment flexibility when it comes to some products — largely non-domain products such as hosting — if they can convince customer service reps of their coronavirus-related financial hardship.

“I urge you not to abuse this offer, please allow it to be used by those who need it most, who are otherwise unable to pay,” Kirkendall wrote.

Verisign, the .com registry, yesterday hinted that it will be offering its registrars some similar flexibility, which one assumes could be passed on to registrants.

Nominet to intercept dangerous coronavirus domains

Kevin Murphy, March 24, 2020, Domain Registries

Nominet, the .uk registry, will start providing informational landing pages when it suspends domains for criminal behavior including coronavirus-related scams.

The company already suspends tens of thousands of domains every year at the request of law enforcement agencies.

The vast majority are related to intellectual property infringement such as counterfitting and piracy. A substantially smaller number are suspended due to the sale of fake pharmaceuticals.

Rather than Nominet suspending these domains, stopping them resolving, they will now instead resolve to landing pages “providing consumer advice and education”.

It’s similar to how the FBI handles domains it has seized during criminal investigations in the US, but Nominet says it’s the first example in the world of such a program being rolled out by a registry.

The first LEAs taking part in the program are the Medicines and Healthcare Products Regulatory Agency and the City of London’s Police Intellectual Property Crime Unit.

While Nominet pitched the news as coronavirus-related, the timing appears to be coincidental.

The company first announced its landing page plan last October, when it was opened to public consultation.

A MHRA spokesperson said in a Nominet press release that suspended domains will redirect to its “#fakemeds website”, which currently has a great deal to say about penis pills but nothing at all to say about coronavirus.

Is the .co rebid biased toward Afilias? Yeah, kinda

Kevin Murphy, January 17, 2020, Domain Registries

The Colombian government has come under fire for opening up the .co registry contract for rebid in a way that seems predetermined to pick Afilias as the winner, displacing its fierce rival Neustar.

As I blogged in November, Colombia thinks it might be able to secure a better registry deal, so it plans to shortly open .co up to competitive proposals.

A company called .CO Internet, acquired by Neustar for $109 million in 2014, has been running the ccTLD for the last decade. There are currently around 2.3 million .co domains under management, according to Colombia.

With the renewal deadline looming, the government’s technology ministry, MinTIC, published an eyebrow-raising request for proposals last month.

What’s surprising about the RFP is that some of the four main technical performance criteria listed are so stringent that probably only two companies in the industry qualify — Verisign and Afilias, and so far Verisign has not been involved in the RFP process.

The companies that have been engaging with the government to date are Afilias, Neustar/.CO, Nominet, CentralNic and Donuts.

First, MinTIC wants a registry that’s had at least two million domains under management across its portfolio continuously for two years. All five registries qualify there.

Second, it wants a registry that’s been involved in the migration of a TLD of at least one million names, either as the gaining or losing back-end.

That immediately narrows the pack to just two of the five aforementioned registries — Neustar and Afilias.

Verisign would also qualify, if it’s in the bidding, but I suspect it’s not. Taking over .co would look like a “buy it to kill it” strategy, which would be horrible optics for the Colombian government.

There have only ever been three migrations over one million names, to my knowledge: the Verisign->Afilias .org transition of 2003, the Neustar->Afilias .au move of 2018, and last year’s Afilias->Neustar .in handover.

CentralNic, Nominet and Donuts have all moved numerous TLDs between back-ends, but with much smaller per-TLD domain volumes.

Third — and here’s the kicker — the successful .co bidder will have to show that it processes on average 25 million registry transactions — defined as “billable EPP (write) transactions, as well as all EPP search (read) transactions” — per day. (All of the RFP quotes in this post have been machine-translated from Spanish by Google and run by a few generous Spanish speakers for verification.)

The RFP is not entirely clear on what exact data points it’s looking at here, but my take is that qualifying transactions include, at an absolute minimum, attempts to create a domain, renew a domain, transfer a domain and check whether a domain is registered.

The vast majority of such transactions are in the check and create functions, and I believe a great deal of that activity relates to drop-catching, where registries are flooded with add requests for just-deleted domains.

Whichever way you split it, 25 million a day is a ludicrously high number. Literally only .com, which sees 2.3 billion checks and 1.5 billion adds per month, sees that kind of action.

According to Neustar, which actually runs .co, it only sees 6.4 million transactions per day on average. The requirement to handle 25 million a day is “exaggerated, unjustified and discriminatory” against Neustar, Neustar told MinTIC.

But the RFP allows for the bidding registries to spread their 25-million-a-day quota across all of the TLDs they manage, and this MAY sneak Afilias over the line.

I say MAY in big letters because I don’t believe the numbers that Afilias (and probably other registries too) reports to ICANN every month are reliable.

If you add up the reported, qualifying EPP transactions for September in Afilias’ top four legacy gTLDs — .org, .info, .mobi and .pro — you get to over 25 million per day.

But those same records show that, for example, .mobi, .pro and .info had exactly the same number of EPP availability checks that month — 215,988,497 each.

This is clearly bad data.

I reported on this issue last May, when ICANN’s Security and Stability Advisory Committee informed ICANN that major registries were providing “not reliable” or possibly “fabricated” data about port 43 Whois queries.

Afilias, which was one of the apparent offenders, told me at the time that it was addressing the issue with ICANN, but it does not yet appear to have fully fixed its reporting to enable TLD-by-TLD breakdowns of its registry activity.

It is of course quite possible, even very likely, that Afilias has on average more than 25 million qualifying EPP transactions per day, but how’s it going to prove that to the Colombian government when the numbers it reports under contract to ICANN are clearly unreliable?

It’s a little harder to determine whether Neustar would qualify under the 25-million transaction rule, because some of its largest zones are ccTLDs — .co, .in and .us — that do not publicly report this kind of data. Its comments to the RFP suggest it would not.

Numbers aside, I’ll note that there’s very probably an inherent bias towards legacy gTLD operators like Afilias and against relative newcomers such as CentralNic if you’re counting EPP transactions. As I noted above, a lot of these transactions are coming from drop-catch activity, which is more prevalent on larger, older TLDs where there are more dropping domains that are more likely to have existing backlinks and traffic.

The fourth technical requirement in the Colombian RFP that looks a bit fishy is the requirement that the new registry must have channel relationships with at least 10 of the largest 25 registrars, as listed by a web site called domainstate.com.

I can’t say I’ve looked at domainstate.com very often, if at all, but a quick look at its numbers for September strongly suggests to me that it does not count post-2012 new gTLD registrations in its registrar league table. One registrar with almost four million domains under management doesn’t even show up on the list. This arguably could give an advantage to a registry that plays strongly in legacy gTLDs.

That said, it’s probably an academic point — I don’t think any of the bidders for the .co contract would have difficulty showing that they have 10 of the top 25 registrars on board, whichever way you calculate that league table.

Cumulatively, these four technical hurdles have led some to suggest that Afilias has somehow steered MinTIC towards creating an RFP only it could win.

Apart from what I’ve discussed here, I’ve no evidence that is the case, and Afilias has not yet responded to my request for comment today.

Luckily for the bidding registries, the Columbian RFP has not yet been finalized. Comments submitted by the bidders and others are apparently going to be taken on board, so the barriers to entry for respondents could be lowered before bids are finally accepted.

MinTIC posted an update last night that extends the period that the RFP could run, and the transition period should Neustar lose the contract. A handover, should one happen at all, could now happen as late as February next year.

Criminal .uk suspensions down this year

Kevin Murphy, November 26, 2019, Domain Registries

Nominet suspended fewer .uk domain names due to reports of criminality in the last 12 months that in did in the prior period.

The registry said last week that is suspended 28,937 domains in the year to the end of October, down from 32,813 in the 2018 period.

That’s 0.22% of all .uk names, Nominet said.

As usual, complaints about intellectual property infringement — filed by copyright owners to the IP cops and handed to Nominet — account for the vast majority of takedowns, some 28,606 in the period.

The rest were suspended due to complaints about fraud, trading standards, financial conduct and healthcare products.

Only 16 requests were denied by Nominet, down from 114 in the previous year, and only five false-positive suspensions were reversed.

The controversial ban on “rape” domains resulted in 1,600 new regs getting automatically flagged, but zero getting suspended.

There were no requests from the Internet Watch Foundation to take down child sexual abuse material.

Nominet’s newish automated anti-phishing system, which uses pattern recognition to flag potential phishing domains at point of registration, saw 2,668 domains suspended before going live, of which 274 were released after the registrant passed due diligence checks.

Three big changes could be coming to .uk

Kevin Murphy, October 9, 2019, Domain Registries

Nominet wants to know what you thinking about three significant policy changes that could be implemented in the next year or so.

The .uk registry today published a consultation document covering two security-related changes and one related to expired domains.

First, Nominet wants to know if it should be allowed to preemptively block resolution on newly registered domains where it has “identified a high risk the domain will be used for phishing”.

It looks like more of a cosmetic policy change, given that the company is already blocking suspected phishing domains where the registrant fails to adequately verify their identity.

About 1,500 domains were blocked like this in the 12 months ending July 2019, Nominet says, on the basis of its Domain Watch program, which combines technical and manual oversight to identify phishy-looking names.

Second, Nominet want to know if it should display an standard informational web page when it blocks a domain on the basis of fraud, copyright infringement, and counterfeiting.

Currently, the company takes down tens of thousands of names every year on this basis, but the names are simply removed from the zone file and refuse to resolve.

Nominet’s friends in law enforcement reckon that allowing the the domains to instead resolve to a standard web page instead could help victims of fraudulent sites help with police investigations, and Nominet wants to know if you agree.

A side-effect of this would be that the names would remain in the zone, so we’d be able to see for the first time which names get suspended for fraud.

Third, Nominet wants to know whether it should start openly publishing drop-lists, the list of domains that have expired registrations and are about to become available.

This appears to be bad news for those registrars currently “excessively” pinging the registry to compile their own lists and get the jump on competitors when it comes to drop-catching valuable names for resale.

Nominet seems to want to see fewer dropped domains winding up in the hands of domainers, saying currently “not all dropping domains are registered and actively used by the new registrant, reducing the vibrancy of .UK domains”.

It’s proposing to give drop-lists just to registrars, or to publish them openly.

All three questions are open for comment until December 15.

Nominet raises .uk prices

Kevin Murphy, October 1, 2019, Domain Registries

Nominet is to raise the price of a .uk domain name in January, adding a couple million quid to its top line.

The company’s annual registry fee will increase by 4%, from £3.75 to £3.90 ($4.77), on January 13 next year.

Nominet said the increase is to reflect “some of the increased costs of running the registry business since prices last changed in 2016.”

While it’s a modest £0.15 extra per name per year, at the current registration volume that works out to just shy of £2 million ($2.45 million) more revenue per annum.

Perhaps predicting a backlash from large-volume registrants, Nominet told registrars:

We appreciate that price rises are never popular, but even after this modest rise, .UK domains remain extremely competitively priced in the market and accessible to all.

If US dollars are your frame of reference, .uk names will still actually be cheaper following the price increase than they were following the 2016 price increase, due to exchange rate fluctuations.

The last price increase went into effect in March 2016. Before that, prices had been unchanged since 1999.

These two ccTLDs drove two thirds of all domain growth in Q2

Kevin Murphy, August 30, 2019, Domain Registries

The number of registered domain names in the world increased by 2.9 million in the second quarter, driven by .com and two ccTLDs.

That’s according to the latest Verisign Domain Name Industry Brief, which was published (pdf) overnight, and other data.

The quarter ended with 354.7 million domains. Verisign’s own .com was up 1.5 million over Q1 at 142.5 million names.

ccTLDs across the board grew by 1.9 million names sequentially to 158.7 million. Year-over-year, the increase was 10.5 million domains.

The sequential ccTLD increase can be attributed almost entirely to two TLDs: .tw and .uk. These two ccTLDs appear to account for two thirds of the overall net new domains appearing in Q2.

Taiwan grew by about 600,000 in the quarter, presumably due to an ongoing, unusual pricing-related growth spurt among Chinese domainers that I reported in June.

The UK saw an increase of roughly 1.3 million domains, ending the quarter at 13.3 million.

That’s down to the deadline for registering second-level .uk matches for third-level .co.uk domains, which passed June 25.

Nominet data shows that 2LDs increased by about 1.2 million in the period, even as 3LDs dipped. The difference between this and the Verisign data appears to be rounding.

Factoring out the .uk and .tw anomalies, we have basically flat ccTLD growth, judging by the DNIB data.

Meanwhile, the new gTLD number was 23 million. That’s flat after rounding, but Verisign said that the space was actually up by about 100,000 names.

Growth as a whole was tempered by what I call the “other” category. That comprises the pre-2012 gTLDs such as .net, .org, .info and .biz. That was down by about a half a million names.

.net continued its gradual new gTLD-related decline, down 200,000 names sequentially at 13.6 million, while .org was down by 100,000 names.

The overall growth numbers are subject to the usual DNIB-related disclaimers: Verisign (and most everyone else) doesn’t have good data for some TLDs, including large zones such as .tk and .cn.