Verisign has been given approval to start restricting who can and cannot register .com and .net domain names in various countries.
Customers of Chinese registrars are the first to be affected by the change to the registry’s back-end system, which was made last year.
ICANN last week gave Verisign a “free to deploy” notice for a new “Verification Code Extension” system that enables the company to stop domains registered via selected registrars from resolving unless the registrant’s identity has been verified and the name is not on China’s banned list.
It appears to be the system Verisign deployed in order to receive its Chinese government license to operate in China.
Under Verification Code Extension, Verisign uses ICANN records to identify which registrars are based in countries that have governmental restrictions. I believe China is currently the only affected country.
Those registrars are able to register domains normally, but Verisign will prevent the names from resolving (placing them in serverHold status and keeping them out of the zone file) unless the registration is accompanied by a verification code.
These codes are distributed to the affected registrars by at least two verification service providers. Verisign, in response to DI questions, declined to name them.
Under its “free to deploy” agreement with ICANN (pdf), Verisign is unable to offer verification services itself. It must use third parties.
The company added the functionality to its .com and .net registry as an option in February 2016, according to ICANN records. It seems to have been implemented last July.
A Verisign spokesperson said the company “has implemented” the system.
The Verification Code Extension — technically, it’s an extension to the EPP protocol pretty much all registries use — was outlined in a Registry Services Evaluation Process request (pdf) last May, and approved by ICANN not long after.
Verisign was approved to operate in China last August in the first wave of gTLD registries to obtain government licenses.
Under Chinese regulations, domain names registered in TLDs not approved by the government may not resolve. Registrars are obliged to verify the identities of their registrants and names containing certain sensitive terms are not permitted.
Other gTLDs, including .vip, .club, .xyz .site and .shop have been granted approval over the last few months.
Some have chosen to work with registration gateway providers in China to comply with the local rules.
Apart from XYZ.com and Verisign, no registry has sought ICANN approval for their particular implementation of Chinese law.
Because Chinese influence over ICANN is a politically sensitive issue right now, it should be pointed out that the Verification Code Extension is not something that ICANN came up with in response to Chinese demands.
Rather, it’s something Verisign came up with in response to Chinese market realities. ICANN has merely rubber-stamped a service requested by Verisign.
This, in other words, is a case of China flexing market muscle, not political muscle. Verisign, like many other gTLD registries, is over-exposed to the Chinese market.
It should also be pointed out for avoidance of doubt that the Chinese restrictions do not apply to customers of non-Chinese registrars.
However, it appears that Verisign now has a mechanism baked into its .com and .net registries that would make it much easier to implement .com restrictions that other governments might choose to put into their own legislation in future.
Verisign has dramatically slashed its estimates for the number of domains in existence in its quarterly Domain Name Industry Brief reports, two of which were published this week.
The headline number for the end of the fourth quarter is 329.3 million, a 0.7% increase sequentially and a 6.8% increase annually.
But it’s actually a lower number than Verisign reported in its second-quarter report just five months ago, which was 334.6 million.
The big swinger, as you may have guessed if you track this kind of thing, was .tk, the Freenom ccTLD where names are given away for free and then reclaimed and parked by the registry when they
are deleted for abuse expire.
It seems a change in the way .tk is counted (or estimated) is the cause of the dip.
Verisign gets its gTLD data for the report from ICANN-published zone files and its ccTLD data from independent researcher Zooknic.
Problem is, Zook hasn’t had up-to-date data on .tk for a couple of years, so every DNIB published since then has been based on its December 2014 numbers.
But with the Q3 report (pdf), Zook revised its .tk estimates down by about six million names.
In earlier reports, the ccTLD was being reported at about 25 million names (exact numbers were not given), but now that’s been slashed to 18.7 million, relegating it to the second-largest ccTLD after China’s .cn, which has 21.1 million.
I’ve asked Freenom to confirm the latest numbers are correct and will update this post if I get a response.
Verisign does not say what caused the decision to scale down .tk’s numbers, but explains what happened like this:
In Q3 2016, Zooknic reported a significant decline in the .tk zone and restated the estimated zone size of .tk for each quarter from Q4 2014 through Q3 2016 using a proprietary methodology. As a result, for comparative purposes of this DNIB to the Q3 2016 DNIB and the Q4 2015 DNIB, Verisign has applied an updated estimate of the total zone size across all TLDs for Q3 2016 of 327.0 million and Q4 2015 of 307.7 million and an updated estimate of the total ccTLD zone size for Q3 2016 of 140.1 million and Q4 2015 of 138.1 million.
Apples-to-apples comparisons in the Q4 report show the ccTLD universe was up to 142.7 million names, a 1.8% sequential increase and up 3.1% on 2015. Excluding .tk, annual growth was 6.9%.
Verisign’s own .com and .net combined grew 1.7% to 142.2 million names at the end of the year, one percentage point smaller than their 2015 growth.
The full Q4 report can be read here (pdf).
US antitrust authorities are investigating Verisign over its anticipated operation of the .web gTLD.
The probe was disclosed by company CEO Jim Bidzos in yesterday’s fourth-quarter earnings call. He said:
On January 18, 2017, the company received a Civil Investigative Demand from the Antitrust Division of the US Department of Justice, requesting certain information related to Verisign’s potential operations of the .web TLD. The CID is not directed at Verisign’s existing registry agreements.
He did not comment further, beyond describing it as “kind of like a subpoena”.
Verisign acquired the rights to run .web at an ICANN last-resort auction last July, agreeing to pay $135 million.
Rather than applying for the gTLD itself, it secretly bankrolled shell company Nu Dot Co, which intends to transfer its .web contract to Verisign after it is signed.
ICANN is being sued by rival applicant Donuts, which claims NDC should have been banned from the auction. Afilias, the auction runner up, is also challenging the outcome.
But this new DoJ investigation, if we take Bidzos’ words at face value, appears to focus on what Verisign plans to do with .web once it is live.
It’s the view of many that .web would be the new gTLD best positioned as an alternative to .com, which makes Verisign hundreds of millions of dollars a year.
It’s my view that it would make perfect sense for Verisign to flush the $135 million and bury .web, rather than have a viable competitor on the market.
Verisign has repeatedly said that intends to “grow and widely distribute .web”, words Bidzos repeated last night.
The investigation is likely into whether Verisign wants to actually raise .web, or strangle it in its crib.
It seems the investigation was launched in the dying days of the Obama administration, so the recent changing of the guard at Justice — Attorney General Jeff Sessions was confirmed by Congress just two days ago — may have an impact on how it plays out.
The domain name industry is kicking off one of its most fundamental shifts in its plumbing this week.
Over the next two years, Verisign and every registrar that sells .com domains will have to rejigger their systems to convert .com from a “thin” to “thick” Whois.
This means that by February 1, 2019, Verisign will for the first time control the master database of all Whois records for .com domains, rather than it being spread piecemeal across all registrars.
The switch comes as a result of a years-in-the-making ICANN policy that officially came into force yesterday. It also applies to .com stablemates .net and .jobs.
The first big change will come August 1 this year, the deadline by which Verisign has to give all of its registrars the ability to submit thick Whois records both live (for new regs) and in bulk (for existing ones).
May 1, 2018 is the deadline for all registrars to start submitting thick Whois for new regs to Verisign, but they can start doing so as early as August this year if they want to.
Registrars have until February 1, 2019 to supply Verisign with thick Whois for all their existing registrations.
There’s a process for registrars who believe they would be violating local privacy laws by transferring this data to US-based Verisign to request an exemption, which may prevent the transition going perfectly uniformly.
Some say that the implementation of this policy may allow Verisign to ask for the ability to ask a for an increase in .com registry fees — currently frozen at the command of the US government — due to its inevitably increased costs.
Personally, I think the added costs will likely be chickenfeed compared to the cash-printing machine that is .com, so I think it’s far from a slam-dunk that such fee increases would be approved.
The Internet Commerce Association has called for a “moratorium” on the Uniform Rapid Suspension policy being added to legacy gTLD contracts, months before Verisign’s .net contract is up for renewal.
In a blog post, ICA counsel Phil Corwin accused ICANN staff of making policy by the back door by compelling pre-2012 registries to adopt URS, despite a lack of ICANN community consensus policy.
In the last few years the registries for .jobs, .travel, .cat, .pro, .xxx and most recently .mobi have agreed to adopt many aspects of the 2012 Registry Agreement, which includes the URS, often in exchange for lower ICANN fees.
the real test of [ICANN’s Global Domains Division’s] illicit strategy of incremental de facto policymaking will come later this year, when the .Net RA comes up for renewal. We have no idea whether Verisign will be seeking any substantial revisions to that RA that would provide GDD staff with substantial leverage to impose URS, nor do we know whether Verisign would be amenable to that tradeoff.
The .net RA is due to expire July 1 this year.
Verisign pays ICANN $0.75 for each .net domain registration, renewal and transfer. If that were to be reduced to the 2012 standard of $0.25, it would save Verisign at least $7.5 million a year.
The URS provides brand owners with a way to suspend trademark-infringing domains in clear-cut cases. It’s based on UDRP but is faster and cheaper and does not allow the brand owner to seize ownership of the domains.
ICA represents large domain speculators, most of which have their investments tied up in .com and .net domains. It’s complained about the addition of URS to other gTLDs but the complaints have largely fallen on deaf ears.
ICANN has said that it does not force URS on anyone, but that it takes the base new gTLD program RA as its starting point for bilateral negotiations with registries whose contracts are up for renewal.