Latest news of the domain name industry

Recent Posts

Free domains registrar gets FOURTH breach notice

Kevin Murphy, April 21, 2020, Domain Registrars

OpenTLD, the company that offers free and at-cost domain names under the Freenom brand, has received its fourth public breach of contract notice from ICANN.

The alleged violation concerns a specific expired domain — tensportslive.net — which was until its expiration last November hosting a Pakistani cricket blog.

ICANN claims OpenTLD failed to hand over copies of expiration notices it sent to the former registrant of the name, which expired November 12, despite repeated requests.

The blogger seems to have been royally screwed over by this situation.

ICANN first started badgering OpenTLD for its records on December 23, presumably alerting the company to the fact that its customer had a problem, when the domain had expired but was still recoverable.

ICANN contacted the registrar four more times about the domain before February 1, when it dropped and was promptly snapped up by DropCatch.com.

The public breach notice (pdf) was published February 27. OpenTLD has apparently since provided ICANN with data, which is being reviewed.

But it’s the fourth time the registrar has found itself in serious trouble with ICANN.

It got a breach notice in March 2015 after failing to file compliance paperwork.

Later that year, ICANN summarily suspended its accreditation — freezing its ability to sell domains — after the Dutch company was found to have been cybersquatting rival registrars including Key-Systems and NetEarth in order to poach business away from them.

That suspension was fought in an unprecedented arbitration case, but ICANN won and suspended the accreditation again that August.

It got another breach notice in 2017 for failing to investigate Whois accuracy complaints, which ICANN refers to in its current complaint.

OpenTLD/Freenom is perhaps best known as the registry for a handful of African ccTLD and Tokelau’s .tk, which is the second-largest TLD after .com by volume of registered domains.

Its business model is to give the names away for free and then monetize them after they expire or are deleted for abuse. In the gTLD space, it says it offers domains at the wholesale cost.

According to SpamHaus, over a third of .tk domains it sees are abusive.

Q3 industry growth driven by .tk, .com and .icu

Kevin Murphy, December 20, 2019, Domain Registries

The domain name industry grew by 5.1 million names in the third quarter, according to the latest Domain Name Industry Brief from Verisign.

September ended with 359.8 million names across the board, the DNIB (pdf) shows.

Half of the growth came from Tokelau’s .tk, which is handed out for free by Freenom and is where domains never delete. It grew by 2.6 million names to 25.1 million in the quarter.

Next biggest grower was Verisign’s own .com, which grew by 1.5 million names to end September with an even 144 million. Its red-headed sibling, .net, lost 200,000 names over the same period and ended the quarter on 13.4 million.

Excluding .com and .tk leaves just one million names worth of net growth across the remainder of the industry, which comprises another 1,515 TLDs.

Taiwan’s .tw, which has been going through a bit of a spurt over the last year or so, added 300,000 domains, but .uk, which was a driver in Q2, was flat at 13.3 million.

New gTLDs grew by one million during the quarter, ending at 24 million, according to the DNIB.

That appears to have been driven almost entirely by ShortDot’s cheapo .icu, which has been flying off the shelves in China all year. Zone file records show it added over a million domains in Q3. It currently has 4.2 million names in its zone.

When these domains start to drop, it will likely be on a scale to materially affect the overall industry numbers in future DNIBs.

Emoji domains get a 😟 after broad study

Kevin Murphy, October 28, 2019, Domain Tech

Domain names containing emojis are a security risk and not recommended, according to a pretty comprehensive review by an ICANN study group.

The Country-Code Names Supporting Organization has delivered the results of its 12-person, 18-month Emoji Study Group, which was tasked with looking into the problems emoji domains can cause, review current policy, and talk to ccTLD registries that currently permit emoji domains.

The ESG didn’t have a lot of power, and its recommendations are basically an exercise in can-kicking, but it’s easily the most comprehensive overview of the issues surrounding emoji domains that I’ve ever come across.

It’s 30 pages long, and you can read it here (pdf).

Emojis are currently banned in gTLDs, where ICANN has to approve new Unicode tables before they can be used by registries at the second level, under its internationalized domain name policy, IDNA 2008.

But ccTLDs, which are not contracted with ICANN, have a lot more flexibility. There are 15 ccTLDs — almost all representing small islands or low-penetration African nations — that currently permit emoji domains, the ESG found.

That’s about 6% of Latin-script ccTLDs out there today. These TLDs are .az, .cf, .fm, .je, .ga, .ge, .gg, .gq, .ml, .st, .to, .tk, .uz, .vu, and .ws.

Five of them, including .tk, are run by notorious freebie registry Freenom, but perhaps the best-known is .ws, where major brands such as Budweiser and Coca-Cola have run marketing campaigns in the past.

The main problem with emojis is the potential for confusing similarity, and the ESG report does a pretty good job of enumerating the ways confusability can arise. Take its comparison of multiple applications’ version of the exact same “grinning face” emoji, for example:

Emoji comparison

If you saw a domain containing one of those in marketing on one platform, would you be able to confidently navigate to the site on another? I doubt I would.

There’s also variations in how registrars handle emojis on their storefronts, the report found. On some you can search with an emoji, on others you’ll need to type out the xn-- prefixed Punycode translation longhand.

In terms of recommendations, the ESG basically just asked ICANN to keep an eye on the situation, to come to a better definition of what an emoji actually is, and to reach out for information to the ccTLDs accepting emojis, which apparently haven’t been keen on opening up so far.

Despite the lack of closure, it’s a pretty good read if you’re interested in this kind of thing.

New gTLDs rebound in Q2

Kevin Murphy, August 21, 2018, Domain Registries

New gTLD registration volumes reversed a long trend of decline in the second quarter, according to Verisign’s latest Domain Name Industry Brief.

The DNIB (pdf), published late last week, shows new gTLD domains up by 1.6 million sequentially to 21.8 million at the end of June, a 7.8% increase.

That’s the first time Verisign’s numbers have shown quarterly growth for new gTLDs since December 2016, five quarters of shrinkage ago.

Domains (millions)
Q3 201623.4
Q4 201625.6
Q1 201725.4
Q2 201724.3
Q3 201721.1
Q4 201720.6
Q1 201820.1
Q2 201821.8

The best-performing new gTLD across Q2 was .top according to my zone file records, adding about 600,000 names.

.top plays almost exclusively into the sub-$1 Chinese market and is regularly singled out as a spam-friendly zone. SpamHaus currently ranks it as almost 45% “bad”.

Overall, the domain universe saw growth of six million names, or 1.8%, finishing the quarter at 339.8 million names, according to Verisign.

Verisign’s own .com ended Q2 with 135.6 million domains, up from 133.9 million at the end of March.

That’s a sequential increase of 1.7 millions, only 100,000 more than the total net increase from the new gTLD industry.

.net is still suffering, however, flat in the period with 14.1 million names.

ccTLDs saw an increase of 3.5 million names, up 2.4%, to end June at 149.7 million, the DNIB states.

But that’s mainly as a result of free TLD .tk, which never deletes names. Stripping its growth out (Verisign and partner ZookNic evidently have access to .tk data now) total ccTLD growth would only have been 1.9 million names.

Verisign report deletes millions of domains from history

Verisign has dramatically slashed its estimates for the number of domains in existence in its quarterly Domain Name Industry Brief reports, two of which were published this week.

The headline number for the end of the fourth quarter is 329.3 million, a 0.7% increase sequentially and a 6.8% increase annually.

But it’s actually a lower number than Verisign reported in its second-quarter report just five months ago, which was 334.6 million.

The big swinger, as you may have guessed if you track this kind of thing, was .tk, the Freenom ccTLD where names are given away for free and then reclaimed and parked by the registry when they are deleted for abuse expire.

It seems a change in the way .tk is counted (or estimated) is the cause of the dip.

Verisign gets its gTLD data for the report from ICANN-published zone files and its ccTLD data from independent researcher Zooknic.

Problem is, Zook hasn’t had up-to-date data on .tk for a couple of years, so every DNIB published since then has been based on its December 2014 numbers.

But with the Q3 report (pdf), Zook revised its .tk estimates down by about six million names.

In earlier reports, the ccTLD was being reported at about 25 million names (exact numbers were not given), but now that’s been slashed to 18.7 million, relegating it to the second-largest ccTLD after China’s .cn, which has 21.1 million.

I’ve asked Freenom to confirm the latest numbers are correct and will update this post if I get a response.

Verisign does not say what caused the decision to scale down .tk’s numbers, but explains what happened like this:

In Q3 2016, Zooknic reported a significant decline in the .tk zone and restated the estimated zone size of .tk for each quarter from Q4 2014 through Q3 2016 using a proprietary methodology. As a result, for comparative purposes of this DNIB to the Q3 2016 DNIB and the Q4 2015 DNIB, Verisign has applied an updated estimate of the total zone size across all TLDs for Q3 2016 of 327.0 million and Q4 2015 of 307.7 million and an updated estimate of the total ccTLD zone size for Q3 2016 of 140.1 million and Q4 2015 of 138.1 million.

Apples-to-apples comparisons in the Q4 report show the ccTLD universe was up to 142.7 million names, a 1.8% sequential increase and up 3.1% on 2015. Excluding .tk, annual growth was 6.9%.

Verisign’s own .com and .net combined grew 1.7% to 142.2 million names at the end of the year, one percentage point smaller than their 2015 growth.

The full Q4 report can be read here (pdf).

.tk registrar gets ICANN breach notice

Kevin Murphy, March 19, 2015, Domain Registrars

OpenTLD, the registrar owned by .tk registry Freenon, has received an odd contract-breach notice from ICANN.

The company apparently forgot to send ICANN a Compliance Certificate for 2014, despite repeated pestering by ICANN staff.

It’s the first time I’ve seen ICANN issue a breach notice (pdf) for this reason.

A Compliance Certificate, judging by the 2013 Registrar Accreditation Agreement, seems to be a simple form letter that the CEO must fill in, sign and submit once a year.

Coming back into compliance would be, one imagines, five minutes’ work.

As well as being an ICANN-accredited registrar, OpenTLD is part of Freenom. That’s the registry that repurposes under-used ccTLDs with a “freemium” model that allows free registrations.

Its flagship, .tk, is the biggest ccTLD in world, with over 30 million active names.

.tk passes 25 million domains

The .tk registry has become only the second TLD to pass 25 million domain names.

Netherlands-based Dot TK passed the milestone at the weekend, according to statistics posted on its web site, and today has 25,068,128 domains under management.

It’s grown by a whopping 837,703 names in the last 30 days alone.

That means Tokelau, the tiny island nation the ccTLD represents, has a nominal 17,900 domains per citizen.

The reason for the huge numbers is that .tk names are usually free to register anywhere in the world, with Dot TK using a freemium model through which it only makes money from add-on services.

.tk became the largest ccTLD last year, hitting 16.7 million names in April 2013 and passing Germany’s .de, which today has about 15.7 million domains under management.

Being free, you’d expect there to be a disproportionate amount of nefarious activity in .tk, but that does not appear to be the case any more.

The TLD doesn’t show up in the top 10 most abused TLDs in the most recent report of the Anti-Phishing Working Group (pdf).

Architelos says (pdf) it’s the 47th-safest out of 72 TLDs, scoring it better than .com, .net, .co and many other popular TLDs.

Tiny Tokelau now has the biggest ccTLD in the world

The .tk domain is now the biggest ccTLD in the world, according to the latest stats from Centr.

In its just-published biannual Domainwire Stat Report, Centr says that .tk had 16.7 million registered domains in April, taking the #1 spot in the league table for the first time.

It now out-ranks Germany’s .de (15.4 million), the United Kingdom’s .uk (10.5 million), China’s .cn (7.5 million) and the Netherland’s .nl (5.2 million), despite Tokelau having a population of less than 1,500.

The reason for its success, of course, is that .tk domains are free to register. The ccTLD frequently pops up towards the top of abuse lists for that very reason.

At 54.7%, .tk wasn’t the fastest-growing ccTLD over the six months covered by Centr’s report, however. That honor belongs to .cn, which bounced back from previous declines with an 82.7% growth rate.

ICANN accredits .tk registry as registrar

Kevin Murphy, March 12, 2013, Domain Registrars

Freedom Registry, the company behind the oft-criticized .tk domain registry, seems to have been accredited as an ICANN registrar.

The new registrar business goes by the name OpenTLD. Its domain name currently bounces visitors to Freedom’s home page.

Freedom manages .tk, the ccTLD for tiny Tokelau. It’s the fastest-growing TLD — currently the second-largest ccTLD after Germany’s .de — because it’s free to register .tk domains.

As a result, it’s also regularly recognized by the Anti-Phishing Working Group as one of the most-abused TLDs out there, though the company says its business model allows it turn off abusive domains at will.

Only 2% of phishing attacks use cybersquatted domain names

Kevin Murphy, October 25, 2012, Domain Registries

The number of cybersquatted domain names being used for phishing is falling sharply and currently stands at just 2% of attacks, according to the Anti-Phishing Working Group.

The APWG’s first-half 2012 report (pdf) identified 64,204 phishing domains in total.

Of those, the group believes that only 7,712 (12%) were actually registered by the phishers themselves. The rest belonged to innocent third parties and had been compromised.

That’s a steep drop from 12,895 domains in the second half of 2011 and 14,650 in the first half of 2011.

Of the 7,712 phisher-owned domains, about 66% were being use to phish Chinese targets, according to the APWG.

The group’s research found only 1,350 that contained a brand name or a misspelling of a brand name.

That’s down from 2,232 domains in the second-half of 2011, representing just 2% of all phishing domains and 17% of phisher-owned domains.

The report states:

Most maliciously registered domain strings offered nothing to confuse a potential victim. Placing brand names or variations thereof in the domain name itself is not a favored tactic, since brand owners are proactively scanning Internet zone files for such names.

As we have observed in the past, the domain name itself usually does not matter to phishers, and a domain name of any meaning, or no meaning at all, in any TLD, will usually do.

Instead, phishers almost always place brand names in subdomains or subdirectories. This puts the misleading string somewhere in the URL, where potential victims may see it and be fooled. Internet users are rarely knowledgeable enough to be able to pick out the “base” or true domain name being used in a URL.

Taken as a percentage of attacks, brand-jacking is clearly a pretty low-occurrence offence, according to the APWG’s numbers.

In absolute numbers, it works out to about 7.5 domain names per day that are being use to phish and contain a variation of the brand name being targeted.

Unsurprisingly, the APWG found that Freedom Registry’s .tk — which offers free registration — is the TLD being abused most often to register domains for phishing attacks.

More than half of the phisher-owned domains were in .tk, according to the report.