ICANN reveals 12 more data breaches

Kevin Murphy, November 20, 2015, Domain Registries

Twelve more new gTLD applicants have been found to have exploited a glitch in ICANN’s new gTLD portal to view fellow applicants’ data.

ICANN said last night that it has determined that all 12 access incidents were “inadvertent” and did not disclose personally identifiable information.

The revelation follows an investigation that started in April this year.

ICANN said in a statement:

in addition to the previous disclosures, 12 user credentials were used to access contact information from eight registry operators. Based on the information collected during the investigation it appears that contact information for registry operators was accessed inadvertently. ICANN also concluded that the exposed registry contact information does not appear to contain sensitive personally identifiable information. Each of the affected parties has been notified of the data exposure.

The glitch in question was a misconfiguration of a portal used by gTLD applicants to file and view their documents.

It was possible to use the portal’s search function to view attachments belonging to other applicants, including competing applicants for the same string.

Donuts said in June that the prices it was willing to pay at auction for gTLD strings could have been inferred from the compromised data.

ICANN told compromised users in May that the only incidents of non-accidental data access could be traced to the account of Dirk Krischenowski, CEO of dotBerlin.

Krischenowski has denied any wrongdoing.

ICANN said last night that its investigation is now over.

XYZ says it won’t block censored Chinese domains

Kevin Murphy, November 6, 2015, Domain Registries

New gTLD registry XYZ has said it will not preemptively censor domain names based on the wishes of the Chinese government.

Over the last couple of days, CEO Daniel Negari has sought to “clarify” its plans to block and suspend domain names based on Chinese government requests.

It follows XYZ’s Registry Services Evaluation Request for a gateway service in the country, first reported by DI and subsequently picked up by the Electronic Frontier Foundation, a Wall Street Journal columnist, Fortune magazine and others.

The clarifications offered up by XYZ probably did more to confuse matters.

A blog post on Wednesday said that XYZ will not reserve any .xyz domain names from being registered, except those ICANN makes all new gTLD registries reserve.

Subsequent comments from Negari stated that XYZ will, as the RSEP stated, prevent names that have been banned in China from being registered.

However, there’s one significant difference.

Now, the registry is saying that it will only put those bans in place for domain names that have been specifically banned by the Chinese government when the name had already been registered by a Chinese registrant.

So, if I understand correctly, it would not preemptively ban anyone anywhere from registering [banned term].xyz.

However, if [banned term].xyz was registered to a Chinese resident and the Chinese government told the registry to suspend it, it would be suspended and nobody would be able to re-register it anywhere in the world.

Negari said in a blog comment yesterday:

if we receive a Chinese legal order tomorrow (before the gateway has launched) which requires disabling a domain name registered in China and properly under Chinese jurisdiction, then it will be disabled at the registry level, and not by the gateway. When the gateway launches the name will continue to be unavailable, and the gateway will not implement the action on a localized basis only in China. The normal registry system would continue to be the only system used to resolve the name globally. Again — the specific stability concern ICANN had was that we would use the Chinese gateway to make .xyz names resolve differently, depending on what country you are in. I completely agree that our [RSEP] re-draft to address that concern came out in a way that can be read in a way that we sincerely did not intend.

So there is a list of preemptively banned .xyz, .college, .rent, .security and .protection domains, compiled by XYZ from individual Chinese government requests targeting names registered to Chinese registrants.

Negari said in an email to DI yesterday:

To clarify the statement “XYZ will reserve domains,” we meant that XYZ will takedown domains in order to comply with “applicable law.” Unfortunately, the inaccuracies in your post caused people to believe that we were allowing the Chinese government to control what names could be registered or how they could be used by people outside of China. The idea that XYZ is going to impose Chinese law and prevent people outside of China from registering certain domain names is simply incorrect and not true. To be 100% clear, there is no “banned list.”

That was the first time anyone connected with XYZ had complained about the October 12 post, other than since-deleted tweets that corrected the size of the list from 40,000 domains to 12,000.

The RSEP (pdf) that caused all this kerfuffle has not been amended. It still says:

XYZ will reserve names prohibited for registration by the Chinese government at the registry level internationally, so the Gateway itself will not need to be used to block the registration of any names. Therefore, a registrant in China will be able to register the same domain names as anyone else in the world.

This fairly unambiguous statement is what XYZ says was “misinterpreted” by DI (and everyone else who read it).

However, it’s not just a couple of sentences taken out of context. The context also suggests preemptive banning of domains.

The very next sentence states:

When the Gateway is initially implemented we will not run into a problem whereby a Chinese registrant has already registered a name prohibited for registration by the Chinese government because Chinese registrars are already enforcing a prohibition on the registration of names that are in violation of Chinese law.

This states that Chinese residents are already being preemptively banned, by Chinese registrars, from registering domains deemed illegal in China.

The next few paragraphs of the RSEP deal with post-registration scenarios of domains being banned, clearly delineated from the paragraph dealing with pre-registration scenarios.

In his blog post, Negari said the RSEP “addressed the proactive abuse mitigation we will take to shut down phishing, pharming, malware, and other abuse in China”.

I can’t believe this is true. The consequence would be that if China sent XYZ a take-down notice about a malware or phishing site registered to a non-Chinese registrant, XYZ would simply ignore it.

Regardless, the takeaway today is that XYZ is now saying that it will not ban a domain before it has been registered, unless that domain has previously been registered by a Chinese resident and subsequently specifically banned by the Chinese government.

The registry says this is no different to how it would treat take-down notices issued by, for example, a US court. It’s part of its contractual obligation to abide by “applicable law”, it says.

Whether this is a policy U-turn or a case of an erroneous RSEP being submitted… frankly I don’t want to get into that debate.

Disclosure: during the course of researching this story, I registered .xyz domains matching (as far as this monoglot can tell) the Chinese words for “democracy”, “human rights”, “porn” and possibly “Tiananmen Square”. I have no idea if they have value and have no plans to develop them into web sites.

Credit card hack cost millions

Kevin Murphy, October 30, 2015, Domain Registrars

The company is taking a $1 million per-quarter hit to its revenue as a result of August’s hacking attack.

It also incurred $400,000 in consulting, legal and credit monitoring fees in the third quarter as a result of the breach, CEO David Brown told analysts last night.

Some 93,000 credit card numbers were stolen during the attack, a small portion of its 3.3 million customers.

A number of customers jumped ship as a result of the attack, moving their domains elsewhere, which increased the company’s churn rate.

“Due to the subscription nature of our business, in the fourth and subsequent quarters we expect the breach will have about a $1 million negative impact on revenue per quarter due to the shortfall from Q3,” Brown said.

It added 15,000 customers in the quarter, lower than the 21,000 it added in Q2.

Net income for the quarter was $6.1 million, reversing a $3.4 million loss in the year-ago period, on revenue that was basically flat at $136.8 million, compared to $137.4 million a year ago.

In response to an analyst question, Brown also commented on the success, or lack thereof, of the company’s new gTLD business. He said:

That continues to be positive, but we’re not doing back-flips here. It’s not that positive. We think it’s good for the market, good for consumers and businesses to have more choices. But they’re not flying off the table. .com and .net and the original extensions still are the force in the marketplace. But as we see more gTLDs and as the market understands them and see the opportunity, we continue to believe that this will be a positive trend. But at this point, it’s not moving the needle in our business or likely in anyone’s business.

owns registrars including Network Solutions and

Registrars warn of huge domain suspension scam

Kevin Murphy, October 28, 2015, Domain Registrars

Customers of at least half a dozen large registrars have been targeted by an email malware attack that exploits confusion about takedown policies.

The fake suspension notices have been spammed to email addresses culled from Whois and are tailored to the registrar of record and the targeted domain name.

Customers of registrars including eNom, Moniker, easyDNS, NameBright, Dynadot and Melbourne IT are among those definitely affected. I suspect it’s much more widespread.

The emails reportedly look like this:

Dear Sir/Madam,

The following domain names have been suspended for violation of the easyDNS Technologies, Inc. Abuse Policy:

Domain Name: DOMAIN.COM
Registrar: easyDNS Technologies, Inc.
Registrant Name: Domain Owner

Multiple warnings were sent by easyDNS Technologies, Inc. Spam and Abuse Department to give you an opportunity to address the complaints we have received.

We did not receive a reply from you to these email warnings so we then attempted to contact you via telephone.

We had no choice but to suspend your domain name when you did not respond to our attempts to contact you.

Click here and download a copy of complaints we have received.

Please contact us by email at for additional information regarding this notification.


easyDNS Technologies, Inc.
Spam and Abuse Department
Abuse Department Hotline: 480-124-0101

The “click here” invitation leads to a downloadable file, presumably containing malware.

Of course, the best way to check whether your domain name has been genuinely suspended or not is to use it — visit its web site, use its email, etc.

As domain suspensions become more regular occurrences, due to ICANN policies on Whois accuracy for one reason, we can only expect more scams like these.

XYZ to put global block on domains banned in China

Kevin Murphy, October 12, 2015, Domain Registries

XYZ plans to slap a global ban on domain names censored by the Chinese government.

Chinese words meaning things such as “human rights” and “democracy” are believed to be on the block list, which an industry source says could contain as many as 40,000 words, names and phrases.

(UPDATE: Gavin Brown, CTO of XYZ back-end CentralNic, tweeted that the list is nowhere near 40,000 names long.)

The registry seems to be planning to allow the Chinese government to censor its new gTLDs, which include .xyz, .college, .rent, .protection and .security, in every country of the world.

And it might not be the last non-Chinese registry to implement such a ban.

The surprising revelation came in a fresh Registry Services Evaluation Process request (pdf), filed with ICANN on Friday.

The RSEP asks ICANN to approve the use of a gateway service on the Chinese mainland, which the company says it needs in order to comply with Chinese law.

As previously reported, Chinese citizens are allowed to register domains in non-Chinese registries, but they may not activate them unless the registry complies with the law.

That law requires the registry to be located on the Chinese mainland. XYZ plans to comply by hiring local player ZDNS to proxy its EPP systems and mirror its Whois.

But the Chinese government also bans certain strings — which I gather are mostly but not exclusively in Chinese script — from being registered in domain names.

Rather than block them at the ZDNS proxy, where only Chinese users would be affected, XYZ has decided to ban them internationally.

Registrants in North America or Europe, for example, will not be able to register domains that are banned in China. XYZ said in its RSEP:

XYZ will reserve names prohibited for registration by the Chinese government at the registry level internationally, so the Gateway itself will not need to be used to block the registration of any names. Therefore, a registrant in China will be able to register the same domain names as anyone else in the world.

It seems that XYZ plans to keep its banned domain list updated as China adds more strings to its own list, which I gather it does regularly.

Customers outside of China who have already registered banned domains will not be affected, XYZ says.

If China subsequently bans more strings, international customers who already own matching domains will also not be affected, it says.

CEO Daniel Negari told DI: “To be clear, we will not be taking action against names registered outside of China based on Chinese government requests.”

But Chinese registrants do face the prospect of losing their domains, if China subsequently bans the words and XYZ receives a complaint from Chinese authorities.

“We treat requests from the Chinese government just like we treat requests from the US government or any other government,” Negari said.

“When we receive a valid government or court order to take action against a name and the government has jurisdiction over the registration, we will take action the registration,” he said.

Up to a third of the .xyz zone — about three hundred thousand names — is believed to be owned by Chinese registrants who are currently unable to actually use their names.

The company clearly has compelling business reasons to comply with Chinese law.

But is giving the Chinese government the ongoing right to ban tens of thousands of domain names internationally a step too far?

ICANN allows anyone to file public comments on RSEP requests. I expect we’ll see a few this time.