Latest news of the domain name industry

Recent Posts

Radix targets 25,000 names for .online’s first day

Kevin Murphy, August 18, 2015, Domain Registries

Radix Registry reckons .online will move at least 15,000 domains in its first day of general availability, but it’s aiming higher.

“We are confident .online will be amongst the biggest new gTLDs that have launched,” Radix business head Sandeep Ramchandani said in a press release today.

“The same sentiment across several Registrar Partners has reinforced our beliefs. We expect to start off with at least 15,000 registrations at launch and would love to break .club’s launch record,” he said.

When .CLUB Domains launched .club in 2014, its zone file showed over 25,000 domains after the first 10 hours.

Radix is basing its projections not only on its registrar conversations, but also on .online’s sunrise period, which ended yesterday with 775 sales.

That number is of course low by pre-2012 standards, but it’s in the top tier of sunrise periods for non-controversial new gTLDs.

The only strings to top 1,000 names to date have been ICM Registry’s .porn and .adult and Vox Populi’s .sucks.

.CLUB’s sunrise weighed in at 454 domains.

Radix had better hope .online is successful — the gTLD sold for seven or eight figures at private auction.

The gTLD will go to its Early Access Period tomorrow before settling down to regular pricing August 26.

New gTLD phishing still tiny, but .xyz sees most of it

New gTLDs are not yet being widely used to carry out phishing runs, but most such attacks are concentrated in .xyz.

That’s one of the conclusions of the Anti-Phishing Working Group, which today published its report for the second half of 2014.

Phishing was basically flat in the second half of the year, with 123,972 recorded attacks.

The number of domains used to phish was 95,321, up 8.4% from the first half of the year.

However, the number of domains that were registered maliciously in order to phish (as opposed to compromised domains) was up sharply — by 20% to 27,253 names.

In the period, 272 TLDs were used, but almost 54% of the attacks used .com domains. In terms of maliciously registered domains, .com fared worse, with over 62% share.

According to APWG, 75% of maliciously registered domains were in .com, .tk, .pw, .cf and .net.

Both .tk and .cf are Freenom-administered free ccTLDs (for Tokelau and the Central African Republic) while low-cost .pw — “plagued” by Chinese phishers — is run by Radix for Palau.

New gTLDs accounted for just 335 of the maliciously registered domains — 1.2% of the total.

That’s about half of what you’d expect given new gTLDs’ share of the overall domain name industry.

Twenty-four new gTLDs had malicious registrations, but .xyz saw most of them. APWG said:

Almost two-thirds of the phishing in the new gTLDs — 288 domains — was concentrated in the .XYZ registry. (Of the 335 maliciously registered domains, 274 were in .XYZ.) This is the first example of malicious registrations clustering in one new gTLD, and we are seeing more examples in early 2015.

XYZ.com aggressively promoted cheap or free .xyz names during the period, but APWG said that only four .xyz phishing names were registered via freebie partner Network Solutions.

In fact, APWG found that most of its phishing names were registered via Xin Net and used to attack Chinese brands.

But, normalizing the numbers to take account of different market shares, .xyz shapes up poorly when compared to .com and other TLDs, in terms of maliciously registered domains. APWG said:

XYZ had a phishing-per-10,000-domains score of 3.6, which was just slightly above the average of 3.4 for all TLDs, and lower than .COM’s score of 4.7. Since most phishing domains in .XYZ were fraudulently registered and most in .COM compromised, .XYZ had a significantly higher incidence of malicious domain registrations per 10,000 coming in at 3.4 versus 1.4 for .COM.

APWG said that it expects the amount of phishing to increase in new gTLDs as registries, finding themselves in a crowded marketplace, compete aggressively on price.

It also noted that the amount of non-phishing abuse in new gTLDs is “much higher” than the phishing numbers would suggest:

Tens of thousands of domains in the new gTLDs are being consumed by spammers, and are being blocklisted by providers such as Spamhaus and SURBL. So while relatively few new gTLD domains have been used for phishing, the total number of them being used maliciously is much higher.

The number of maliciously registered domains containing a variation on the targeted brand was more or less flat, up from 6.6% to 6.8%.

APWG found that 84% of all phishing attacks target Chinese brands and Chinese internet users.

The APWG report can be downloaded here.

UPDATE: XYZ.com CEO Daniel Negari responded to the report by pointing out that phishing attacks using .xyz have a much shorter duration compared to other TLDs, including .com.

According to the APWG report, the average uptime of an attack using .xyz is just shy of 12 hours, compared to almost 28 hours in .com. The median uptime was a little over six hours in .xyz, compared to 10 hours in .com.

Negari said that this was due to the registry’s “aggressive detection and takedowns”. He said XYZ has three full-time employees devoted to handling abuse.

Tucows and Namecheap exit $14m .online deal

Tucows and Namecheap have both pulled out of their joint venture with Radix to run the .online registry.

Tucows revealed the move, which will see Radix run .online solo, in a press release yesterday.

Both Tucows and Namecheap are registrars, whereas Radix is pretty much focused on being a registry nowadays.

While financial terms have not been disclosed, Tucows CEO Elliot Noss had previously said that each of the three companies had funded the new venture to the tune of $4 million to $5 million.

I estimate that this puts the total investment in the deal — which includes the price of winning .online at auction — at $13 million to $14 million.

Noss has also hinted that the gTLD sold for much more than the $6.8 million paid for .tech.

.online has not yet been delegated.

.blog won in eight-figure auction by Primer Nivel

Kevin Murphy, February 16, 2015, Domain Registries

A Colombian registrar has become the unlikely owner of the coveted .blog new gTLD, beating eight other applicants to the string at auction.

Winning bidder Primer Nivel is a Panamanian company affiliated with Bogota-based CCI REG, which runs my.co.

The company was the first to reveal its plans to apply for .blog, telling DI back in April 2012 about its ambitions of the gTLD.

Rival bidders Radix, Minds + Machines, Donuts, Afilias, Merchant Law Group, BET, Google and Top Level Design all withdrew their applications over the weekend.

We’re certainly looking at an eight-figure sale here.

Kieren McCarthy, writing at The Register, reckons it went for $30 million or more, based on the fact that M+M got $3.4 million for withdrawing from .blog and .store auctions, but his back-of-the-envelope calculations are off-target for a few reasons.

Knowledgeable DI sources say the sale price was considerably lower than $30 million.

My envelope puts it at somewhere in the range of $15 million to $18 million.

I’ve always said .blog is among my favorite new gTLD strings. The market opportunity is potentially huge, with hundreds of millions of blogs live on the web today.

Primer Nivel, which to the best of my knowledge is not (unlike some other applicants) affiliated with a particular blogging platform, plans to operate .blog as an open gTLD.

The separate auction for .store, meanwhile, was won by Radix, after withdrawals from M+M, Donuts, Amazon, Google, Dot Store and Uniregistry this weekend.

Over 180,000 blocked new gTLD names to drop next week

Kevin Murphy, November 20, 2014, Domain Registries

Several new gTLD registries will release hundreds of thousands of currently blocked domain names — some of them quite nice-looking — next Wednesday.

It’s one of the first big batches of name collisions to be released to market.

The companies behind .xyz, .website, .press, .host, .ink, .wiki, .rest and .bar will release most of their blocked names at 1400 UTC on November 26. These registries all use CentralNic as their back-end.

The gTLD with the biggest “drop” is .host, with over 100,000 names. .wiki, .website and .xyz all have 10,000 to 20,000 releasing names apiece.

According to Radix business head Sandeep Ramchamdani, A smallish number — measured in the hundreds — of the .host, .press and .website names are on the company’s premium domain lists and will carry a higher price.

He gave the following sample of .website domains that will become available at the baseline, non-premium, registry fee:

analyze.website, anti.website, april.website, bookmark.website, challenge.website, classics.website, consumer.website, definitions.website, ginger.website, graffiti.website, inspired.website, jobportal.website, lenders.website, malibu.website, marvelous.website, ola.website, clients.website, commercial.website, comparison.website

Drop-catching services such as Pool.com are taking pre-orders on names set to be released.

Other registries have already released their name collisions domains.

I gather that .archi, .bio, .wien and .quebec have already unblocked their collisions this week.

Donuts tells us it has no current plan for its first drops. Rightside, which runs Donuts’ back-end, is reportedly planning to drop names in a couple dozen gTLDs on the same date in January.

As we reported earlier this week, millions of names are due to be released over the coming months, due to the expiration of the 90-day “controlled interruption” phase that ICANN forced all new gTLD registries to implement.

By definition, name collision names already have seen traffic in the past and may do so again.

Noss hints at winning .online auction bid

Kevin Murphy, November 13, 2014, Domain Registries

A triumvirate of domain name companies led by Radix paid well over $7 million for the .online new gTLD, judging by comments made by Tucows CEO in an analysts call yesterday.

As the company reported its third-quarter financial numbers, Noss said of .online, which was recently auctioned:

While we are bound by confidentiality with respect to the value of the transaction, we can point to amounts paid in other gTLDs’ auctions in the public domain — like $6.8 million for .tech, $5.6 million for .realty, or the $4.6 million that Amazon paid for .buy — and let you decide what you think .online should be valued, relative to those more narrowly targeted extensions.

Radix won the private auction with financial backing from Tucows and NameCheap.

The three companies intend to set up a new joint venture to manage the .online registry, as we reported yesterday, with each company contributing between $4 million and $5 million.

Assuming at least one company is contributing $4 million and at least one is contributing $5 million, that works out to a total of $13 million to $14 million, earmarked for the auction and seed funding for the new venture.

Based on that knowledge, an assumption that the new company will want a couple of million to launch, and Noss’s comments yesterday, I’d peg the .online sale price in the $10-12 million range.

Radix business head Sandeep Ramchamdani told us yesterday that the company plans to market .online with some “hi-decibel advertising” and participation in events such as Disrupt and South by Southwest.

Phishers prefer free ccTLDs to new gTLDs

Kevin Murphy, September 29, 2014, Domain Registries

Domains in free and cheap ccTLDs are much more likely to host phishing attacks than new gTLDs.

That’s one of the conclusions of the latest report of the Anti-Phishing Working Group, which found that Freenom’s re-purposed African ccTLDs were particularly risky.

The first-half 2014 report found 22,679 “maliciously registered” domains used in phishing attacks. That’s flat on the second half of 2013 and almost double the first half of 2013.

Only roughly a quarter of the domains used in phishing had been registered for the purpose. The rest were pointing to compromised web servers.

On new gTLDs, the APWG said:

As of this writing, the new gTLD program has not resulted in a bonanza of phishing. A few phishers experimented with new gTLD domain names, perhaps to see if anyone noticed. But most of the new gTLD domains that were used for phishing were actually on compromised web sites.

The new gTLDs .agency, .center, .club, .email and .tips were the only ones to see any maliciously registered phishing domains in the half — each had one — according to the report.

The APWG speculates quite reasonably that the relatively high price of most new gTLD domains has kept phishers away but warns that this could change as competition pushes prices down.

While .com hosts 54% of all phishing domains, small ccTLDs that give away domains for free or cheap are disproportionately likely to have such domains in their zones, the report reveals.

The Freenom-operated ccTLDs .cf (Central African Republic), .ml (Mali) and .ga (Gabon) top the table of most-polluted TLDs, alongside PW Registry’s .pw (Palau).

Freenom, which also runs .tk, offers free domains, while PW Registry has a very low registry fee.

APWG measures the risk of phishing by TLD by counting phishing domains per 10,000 registered names, where the median score is 4.7 and .com’s score is 4.1.

.cf tops the charts with 320.8, followed by .ml with 118.9, .pw with 122, .ga with 42,9 and .th (Thailand) with 27.5. These number include compromised as well as phisher-registered domains.

Read the APWG report here.

Which made more money — .website, .press or .host?

Kevin Murphy, September 19, 2014, Domain Registries

Radix Registry launched its first three new gTLDs yesterday, and the first day’s numbers make an interesting case study in how difficult it can be to judge the health of a TLD.

Based on zone file numbers, .website was the clear winner. It had 6,340 names in its zone at the end of the day, compared to .host’s 778 and .press’s 801.

There’s clearly more demand for .website names right now.

But which made the most money? That’s actually a lot harder to figure out.

To make those calculations accurately, you’d need to know a) Radix’s base registry fee, b) the promotional discounts it applied for the launch c) which premium names sold and d) for how much.

None of that information is publicly available.

If we were to use Go Daddy’s base retail pricing as a proxy guide, .host was hypothetically the biggest money-spinner yesterday. At $129.99 a year, it would have made $101,132.

Because .website only costs $14.99 at Go Daddy, it would have only made $95,037, even though it sold thousands more names.

But Radix offered registrars what appears to be steep discounts for the launch. Go Daddy marked down its .host names from $129.99 to $49.99. That would make revenue of $38,892, less than half of .website.

With the discounts in mind, .host didn’t have as good a day from a cash-flow perspective as .website, but it arguably looks healthier from a long-term revenue perspective.

That’s all based on the snapshot of today’s zone files and an obviously incorrect assumption that Go Daddy sold all the names, of course.

Complicating matters further are the premium names.

Radix has priced a lot of its names with premium renewal fees and Radix business head Sandeep Ramchandani said that the company sold five five-figure premium names across all three gTLDs.

Given the relatively small amount of money we’re talking about, those five sales would have significantly impacted the three new gTLD’s relative revenue.

.website gets 6,500 regs in first four hours

Kevin Murphy, September 18, 2014, Domain Registries

The new gTLD .website got over 6,500 registrations in the first four hours of general availability, according to Radix Registry.

The TLD has been characterized as the first exciting, properly generic English-language new gTLD to launch.

With that in mind, one wonders whether 6,500 is a great start.

Bear in mind that .website has commodity .com pricing ($14.99 or thereabouts retail) and that Radix offered its registrars a promotional discount for the launch — 6,500 names does not equal a lot of money.

But it’s still early days (hours), and we don’t know how many of the registered names carry premium prices.

Radix’s premium names renew annually at the premium prices, as we’ve seen previously with gTLDs from the likes of Donuts, Uniregistry and Minds + Machines.

.website went to GA at 1600 UTC today, having been delayed 24 hours by a pricing glitch.

Radix has been conducting a sweepstakes on Twitter all day to guess the number of day-one registrations in .website. The prize is a Go Pro camera.

Based on nothing more than gut instinct, I went for 9,888, thinking I was probably erring slightly on the low side.

Radix delay blamed on promo pricing

Kevin Murphy, September 18, 2014, Domain Registries

Radix Registry’s first three new gTLD launches have been delayed for 24 hours after registrars experienced problems with promotional pricing.

.website, .host and .press will now go to general availability at 1600 UTC today.

Radix business head Sandeep Ramchandani said that some registrars were not expecting the registry to quote discounted fees at point of purchase; they were expecting a rebate at a later date instead.

This caused problems during pre-launch testing, he said, which led to the decision to delay.

The problem was resolved not too long after yesterday’s 1600 launch deadline, but it was decided to hold off on GA for a full 24 hours.