Latest news of the domain name industry

Recent Posts

SpamHaus ranks most-botted TLDs and registrars

Kevin Murphy, January 9, 2018, Domain Registrars

Namecheap and Uniregistry have emerged as two of the most-abused domain name companies, using statistics on botnet command and control centers released by SpamHaus this week.

SpamHaus data shows that over a quarter of all botnet C&Cs found during the year were using NameCheap as their registrar.

It also shows that almost 1% of domains registered in Uniregistry’s .click are used as C&Cs.

The spam-fighting outfit said it discovered “almost 50,000” domains in 2017 that were registered for the purpose of controlling botnets.

Comparable data for 2016 was not published a year ago, but if you go back a few years, SpamHaus reported that there were just 3,793 such domains in 2014.

Neither number includes compromised domains or free subdomains.

The TLD with the most botnet abuse was of course .com, with 14,218 domains used as C&C servers. It was followed by Directi’s .pw (8,587) and Afilias’ .info (3,707).

When taking into account the relative size of the TLDs, SpamHaus fingered Russian ccTLD .ru as the “most heavily abused” TLD, but its numbers don’t ring true to me.

With 1,370 botnet controllers and about five and a half million domains, .ru’s abused domains would be around 0.03%.

But if you look at .click, with 1,256 botnet C&Cs and 131,000 domains (as of September), that number is very close to 1%. When it comes to botnets, that’s a high number.

In fact, using SpamHaus numbers and September registry reports of total domains under management, it seems that .work, .space, .website, .top, .pro, .biz, .info, .xyz, .bid and .online all have higher levels of botnet abuse than .ru, though in absolute numbers some have fewer abused domains.

In terms of registrars, Namecheap was the runaway loser, with a whopping 11,878 domains used to control botnets.

While SpamHaus acknowledges that the size of the registrar has a bearing on abuse levels, it’s worth noting that GoDaddy — by far the biggest registrar, but well-staffed with over-zealous abuse guys — does not even feature on the top 20 list here.

SpamHaus wrote:

While the total numbers of botnet domains at the registrar might appear large, the registrar does not necessarily support cybercriminals. Registrars simply can’t detect all fraudulent registrations or registrations of domains for criminal use before those domains go live. The “life span” of criminal domains on legitimate, well-run, registrars tends to be quite short.

However, other much smaller registrars that you might never have heard of (like Shinjiru or WebNic) appear on this same list. Several of these registrars have an extremely high proportion of cybercrime domains registered through them. Like ISPs with high numbers of botnet controllers, these registrars usually have no or limited abuse staff, poor abuse detection processes, and some either do not or cannot accept takedown requests except by a legal order from the local government or a local court.

The SpamHaus report, which you can read here, concludes with a call for registries and registrars to take more action to shut down repeat offenders, saying it is “embarrassing” that some registrars allow perpetrators to register domains for abuse over and over and over again.

Amid Ukraine crisis, Russia scared ICANN might switch off its domains

Kevin Murphy, September 19, 2014, Domain Policy

Russia is reportedly worried that the current wave of Western sanctions against it may wind up including ICANN turning off its domain names.

According to a report in the local Vedomosti newspaper, the nation’s Security Council is to meet Monday to discuss contingency plans for the possibility of being hit by internet-based sanctions.

Part of the discussion is expected to relate to what would happen if the US government forced ICANN to remove the local ccTLDs — .ru, .рф, and the discontinued .su — from the DNS root, according to Vedomosti’s source.

The paper reports, citing a source, that “officials want to control the entire distribution system of domain names in RUnet entirely”. RUnet is an informal term for the Russian-language web.

The report goes on to explain that the government’s goal is not to isolate the Russian internet, but to ensure it remains functioning within the country if its ccTLDs are cut off in the rest of the world.

Russia has been hit by sanctions from the US and Europe in recent months due to its involvement in the Ukraine crisis, but so far these have been of the regular economic kind.

Frankly, I find the possibility of the US government asking ICANN to intervene in this way — and ICANN complying — unlikely in the extreme. It would go dead against the current US policy of removing itself almost entirely from the little influence it already has over the root system.

Almost five million Russian domains registered

Kevin Murphy, September 19, 2012, Domain Registries

Coordination Center for TLD RU broke through the four-million-domain milestone for the Russian ccTLD .ru on Monday, according to a press release.

Including internationalized domain names under .РФ, of which there are 800,000, ccTLD.ru is managing closer to five million domains.

It took 11 months to grow from 3.5 million domains, according to the registry.

The .ru zone is the fifth-largest ccTLD, after .de, .tk, .uk, and .nl, according to Verisign’s last Domain Name Industry Brief.

Russians flee from IDN during first junk drop

Russia’s internationalized ccTLD, .РФ, lost 18% of its registered domains under management after its first launch anniversary, according to the registry.

Coordination Center for ccTLD said that the registry peaked at 954,012 names on December 28, but DUM had dropped to 779,264 by February 15, a 174,748 domain decline.

While the Center spun this as lower than expected – some experts had apparently predicted 25% to 30% of the early-adopter names would expire – it’s still relatively high.

Telnic deleted about 15% of its names during .tel’s first junk drop, the most recent in the gTLD space, for example.

The Russian registry has also made an eye-opening set of stats related to .РФ available on a new web site.

It reveals that just 33% of .РФ domains resolve to a web site (any web site, presumably including parking) while 29% do not even have name servers.

Little interest in Russian gTLDs?

Kevin Murphy, January 18, 2012, Domain Registries

Despite being given the opportunity to launch top-level domains in Cyrillic script, only a handful of companies from Russia are expected to apply to ICANN for new gTLDs.

That’s according to Andrey Kolesnikov, CEO of Coordination Center for TLD RU, which runs the country’s .ru and .РФ registries.

“There won’t be many applications from Russia, only from about 10 companies,” he said at a recent press conference, while estimating at least 1,000 applications overall.

Just 10 applicants is a surprisingly low estimate, given the resurgence of interest in Russian domain names in 2011.

The year-old .РФ (.rf, for Russian Federation) domain has been a roaring success in volume terms. Launched in late 2010, it now has about a million registered domains.

CC itself is planning to apply for .ДЕТИ, which means “.children” in Russian.

RU-Center, the largest Russian registrar, intends to apply for the city-gTLDs .МОСКВА and .moscow.

Other IDN-friendly nations may be more enthusiastic about new gTLDs. ICANN CEO Rod Beckstrom said last week that he heard that Indian companies could apply for as many as 100.

Russian registry to apply for “.children”

Kevin Murphy, November 28, 2011, Domain Registries

The Russian .ru domain name registry has announced plans to apply for .ДЕТИ, the Russian word for “.children”, under ICANN’s new generic top-level domains program.

It’s the first public announcement of a top-level internationalized domain name that is not geographic nor a transliteration of an existing TLD.

Coordination Center for TLD RU, the registry, said that the initiative was inspired by the success of .РФ (.rf), which is on track to register its millionth domain before the end of the year.

Registry CEO Andrey Kolesnikov said in a statement: “We kicked off preparations for the applying for another top-level domain – .ДЕТИ, which should for an Internet space reserved exclusively for the youngest users.”

IDN gTLDs are one of the benefits of the new gTLD program that nobody — not even trademark interests — disputes, but until now there were no “proper” examples to cite.

VeriSign and Afilias have already announced plans for IDN versions of their existing gTLDs – .com, .net and .info – and ICANN has approved IDN ccTLDs for a couple dozen nations.

Court throws out Russian gaming scandal claims

Kevin Murphy, November 2, 2011, Domain Registrars

Russian registrar RU-Center has won its appeal against a $7.5 million government fine, following claims that it gamed the launch of .РФ, registering tens of thousands of names to itself.

The Moscow Arbitration Court yesterday reversed the decision of the Federal Antimonoply Service, according to a statement from RU-Center, the .РФ registry and local media reports.

The dispute centers on the launch of the Cyrillic-script ccTLD last November, which saw over 200,000 registrations in the first six hours and half a million domains registered in the first few weeks.

RU-Center was quickly hit by claims that it had used its access to the registry, ccTLD Coordination Center, to register over 65,000 premium names to itself in order to auction them to users.

It later emerged that some of the Coordination Center’s launch policy-setters had ownership interests in RU-Center either directly or through family members.

In challenging the FAS ruling, RU-Center said that it only registered domains in its own name, via other registrars, because it had taken over 120,000 pre-orders from customers but was limited to filing 4,800 registrations per hour by the registry.

It also said that the domains remained in its own name because registry rules prohibited transfers during the first year of registration. The transfers will be effective November 11, it said.

Some IDNs fly, while some fail

Kevin Murphy, August 14, 2011, Domain Registries

Russia may have witnessed a domain name boom this year with the launch of .РФ last November, but other internationalized domain names are proving far from popular.

Jordan’s الاردن. country-code top-level domain has taken only about 150 registrations since its launch last October, according to a report in the Jordan Times.

The poor showing has been attributed to both a lack of awareness and a lack of demand. The article quotes Mahmoud Al Kurdi, sales and marketing manager at regional presence provider Virtuport:

If a person does not even know how to type the address of a certain website in English letters, he or she can type in Arabic letters on Google and search for the website. I see no point in typing address in Arabic letters. It is not convenient.

The sentiments are echoed in the article by other local experts, while the registry, the National Information Technology Centre, said it is planning a marketing campaign to drum up interest.

There could be other reasons for slack adoption – Jordan’s IDNs costs $140 for the first two years and $35 per year thereafter. There are also strict rules governing who can register.

Meanwhile in Russia, .РФ had taken 855,751 registrations by June 30, according to the registry’s first-half 2011 report, following its scandal-tinged launch eight months earlier.

Russia is of course substantially larger than Jordan – which has a population smaller than that of London – with ten times as many internet users as Jordan has citizens.

Will a Russian domain sell for more than Sex.com?

Kevin Murphy, November 25, 2010, Domain Sales

The scandal-hit Russian domain name market may yet produce some of the most expensive domain name sales of all time. Premium .рф generics are already attracting eight-figure bids.

Bids of $10 million have apparently been placed on at least two domains, квартиры.рф and бетон.рф (apartments.rf and concrete.rf), in the controversial quasi-landrush auction managed by RU-Center, the largest Russian registrar.

IDNblog.com is reporting the apartments.rf asking price, and a reader was kind enough to send me a screenshot of the concrete.rf auction.

If these bids are for real, and these auctions were to close, they would immediately occupy the number two and three slots on the league table of all-time biggest-ticket domain sales

Before sex.com sold for $13 million, DNJournal’s top twenty list had fund.com in the top spot, at $9,999,950, followed by porn.com at $9,500,000 and diamond.com at $7,500,000.

The RU-Center auctions may not close, however.

As I reported yesterday, the registrar and five others are being investigated on antitrust grounds by Russian competition authorities, after allegedly registering tens of thousands of domains to themselves.

The auctions are currently frozen and the .рф registry, Coordination Center for ccTLD, has made noises about applying “sanctions” to the registrars that could include de-accreditation.

RU-Center, which confusingly does business at nic.ru, has defended its position in at least two articles here and here (in Russian, naturally).

As far as I can tell, none of these auctions will close until the registrar and the registry resolve their differences and/or the Russian government probe concludes.

However, it’s pretty obvious that the demand for Cyrillic generic IDNs is enormous in Russia, and could easily challenge .com on the big-sale league tables.

New Russian TLD is a smash hit

Kevin Murphy, November 11, 2010, Domain Registries

Russia’s new Cyrillic top-level domain, .РФ, has gone down a storm, beating even the recent launch of .co in terms of the speed of first-day registrations.

The Russian registry is reporting that it broke through the 200,000 domains mark within the first six hours, after it opened its doors at noon local time today.

By my calculations, that’s less than half the time it took .co to hit the same benchmark, despite the fact that .co did not have the same residency requirements as .РФ.

Andrei Kolesnikov, director of the CCTLD Coordination Center, which runs the domain, told the GNSO Council mailing list:

This clearly demonstrates a great demand for domains in national languages and proves Russia’s position as a leader in terms of the dynamic of TLD launch.

There were already 18,000 .РФ domains before the floodgates opened this afternoon, following a sunrise period for trademark owners.

The TLD transliterates as .rf, for Russian Federation. The country has 142 million citizens and is believed to have almost 60 million internet users. The .ru namespace has about three million domains.

  • Page 1 of 2
  • 1
  • 2
  • >