Latest news of the domain name industry

Recent Posts

Verisign to keep price increase power under new .net contract

Kevin Murphy, April 21, 2017, Domain Registries

The wholesale price of a .net domain is likely to top $15 by 2023, under a proposed renewal of its ICANN contract revealed today.

ICANN-imposed price caps are staying in the new Registry Agreement, but Verisign retains the right to increase its fees by 10% in each of the six years of the deal’s lifespan.

But domain investors do have at least one reason to be cheerful — while the contract adds many features of the standard new gTLD registry agreement, it does not include a commitment to implement the Uniform Rapid Suspension anti-cybersquatting procedure.

The current .net annual fee charged to registrars is $8.95 — $8.20 for Verisign, $0.75 for ICANN — but Verisign will continue to be allowed to increase its portion by up to 10% a year.

That means the cost of a .net could hit $15.27 wholesale (including the $0.75 ICANN fee) by the time the proposed contract expires in 2023.

Verisign has form when it comes to utilizing its price-raising powers. It exercised all six options under its current contract, raising its share of the fee from $4.65 in 2011.

On the bright side for volume .net holders, the prices increases continue to be predictable. ICANN has not removed the price caps.

Also likely to cheer up domainers is the fact that there are no new intellectual property protection mechanisms in the proposed contract.

Several post-2000 legacy gTLDs have agreed to incorporate the URS into their new contracts, leading to outrage from domainer organization the Internet Commerce Association.

ICA is worried that URS will one day wind up in .com without a proper ICANN community consensus, opening its members up to more risk of losing valuable domains.

The fact that URS is not being slipped into the .net contract makes it much less likely to be forced on .com too.

But Verisign has agreed to several mostly technical provisions that bring it more into line with the standard 2012-round new gTLD RA.

For example, it appears that daily .net zone files will become accessible via ICANN’s Centralized Zone Data Service before the end of the year.

Verisign has also agreed to standardize the format of its data escrow, Whois and monthly transaction reports.

The company has also agreed to start discussions about handing .net over to an emergency back-end operator in the event it files for bankruptcy.

The current contract is due to expire at the end of June and the proposed new deal would kick in July 1.

It’s now open for public comment until June 13.

Now new gTLDs are being scapegoated for child abuse material (rant)

The guy responsible for getting the string “rape” closely restricted for no reason in .uk domain names is now gunning for ICANN and new gTLDs with a very similar playbook.

Campaigner John Carr, secretary of the little-known Children’s Charities’ Coalition on Internet Safety, wants ICANN to bring in strict controls to prevent convicted pedophiles registering domains in child-oriented domains such as .kids.

He’s written to the UK prime minister, the two other ministers with the relevant brief, the US federal government and the California attorney general to make these demands.

That’s despite the fact that he freely acknowledges that he does not have any evidence of a problem in existing kid-oriented TLDs and that he does not expect there to be a problem with .kids, should it be delegated, in future.

Regardless, ICANN comes in for a bit of a battering in the letter (pdf), with Carr insinuating that it and the domain industry are quite happy to throw child safety under the bus in order to make a quick buck. He writes:

ICANN has definitely not been keeping the internet secure for children. On the contrary ICANN shows complete indifference towards children’s safety. This has led to real dangers that ICANN could have prevented or mitigated.

ICANN, the Registries and the Registrars have an obvious financial interest in increasing the number of domain names being sold. Their interest in maximising or securing their revenues appears sometimes to blind them to a larger obligation to protect the weak and vulnerable e.g. in this instance children.

Despite this worrying premise, Carr admits in an accompanying paper (pdf) that the Russian version of .kids (.дети), which has been live for three years and only has about 1,000 registrations, does not seem to have experienced a deluge of sex offenders.

Nevertheless, he says ICANN should have forced the .дети registry to do criminal background checks on all registrants to make sure they did not have a record of sexual offences.

While at the time of writing we have no information which suggests anything untoward has happened with any Russian .kids websites, and we understand the volume of sales has been low so far, the matter should never have been left open in that way. When ICANN let the contract it could have included clauses which would have made it a contractual obligation to carry out the sort of checks mentioned. The fact that ICANN did not do this illustrates a degree of carelessness about children’s well-being which is tantamount to gross negligence.

Quite how a domain registry would go about running criminal records checks on all of its customers globally, and what the costs and the benefits would be, Carr does not say.

The letter goes on to state incorrectly that Amazon and Google are in contention for .kids.

In fact, Google applied for the singular .kid. While the two strings are in contention due to an adverse String Confusion Objection, there’s also a second applicant for .kids, the DotKids Foundation, which proposes to keep .kids highly restricted and which Carr is either unaware of or deliberately omits from his letter.

Based on his assumption that .kids is a two-horse race between Amazon and Google, he says:

while I am sure both Google and Amazon will choose to do the right thing, whichever one is the eventual winner of the contract, the point is matters of this kind should never have been left as an option

So not only does Carr not have any evidence that extant “.kids” domains are currently being abused years after delegation, he’s also sure that .kids won’t be in future.

But he wants Draconian background checks implemented on all registrants anyway.

His letter coincides with the release of and heavily cites the 2016 annual report (pdf) of the Internet Watch Foundation — the organization that coordinates the takedown of child abuse material in the UK and elsewhere.

That report found that new gTLD domains are being increasingly used to distribute such material, but that Verisign-run TLDs such as .com are still by far the most abused for this purpose.

The number of takedowns against new gTLD domains in 2016 was 272 (226 of which were “dedicated to distributing child sexual abuse content”) the IWF reported, a 258% increase on 2015.

That’s 272 domains too many, but averages out at about a quarter of a domain per new gTLD.

There were 2,416 domains being used to distribute this material in 2016, IWF said. That means new gTLDs accounted for about 11% of the total child abuse domains — higher than the 7.8% market share that new gTLDs command (according to Verisign’s Q4 industry brief).

But the IWF report states that 80% of the total abuse domains are concentrated in just five TLDs — .com, .net, .se, .io, and .cc. Even child abusers are not fans of new gTLDs, it seems.

Despite the fact that two of these domains are operated under ICANN contract, and the fact that .io is operated by a British company representing a British overseas territory, Carr focuses his calls for action instead on new gTLDs exclusively.

And his calls are receiving attention.

A The Times article this week cries “New internet domain is magnet for paedophiles, charities warn”, while tabloid stable sister The Sun reported on “fears predators are exploiting new website addresses to hide indecent material”.

This is how it started with Carr’s campaign to get “rape” domains banned in the UK.

Back in 2013, he wrote a blog post complaining that it was possible to register “rapeher.co.uk” — not that it had been registered, only that it could be registered — and managed to place a couple of stories in the right-leaning press calling for Nominet to do more to prevent the registration of “depraved and disgusting” domains such as the one he thought up.

This led to a government minister calling for an independent policy review, an actual review, and a subsequent policy that sees some poor bastard at Nominet having to pore over every .uk registration containing rapey strings to see if they’re potentially advocating or promoting actual rape.

Implementation of that policy has so far confirmed that Carr’s worries were, as I said in my 2013 rant, baseless.

In 2016, there were 2,407 registrations of domains containing the string “rape”, but just one of them was found to be using it in the context of sexual assault and was suspended, according to Nominet stats.

In 2015, the number of suspensions was the same. One.

The same story is playing out now — a single Don Quixote with a tenuous grasp of the systems he’s criticizing calling for ludicrous policies to prevent a problem that he freely admits does not exist and probably won’t exist in future.

Still, at least he gets to wave some headlines in front of his employers to pretend he’s actually earning his salary.

How .com became a restricted TLD

Verisign has been given approval to start restricting who can and cannot register .com and .net domain names in various countries.

Customers of Chinese registrars are the first to be affected by the change to the registry’s back-end system, which was made last year.

ICANN last week gave Verisign a “free to deploy” notice for a new “Verification Code Extension” system that enables the company to stop domains registered via selected registrars from resolving unless the registrant’s identity has been verified and the name is not on China’s banned list.

It appears to be the system Verisign deployed in order to receive its Chinese government license to operate in China.

Under Verification Code Extension, Verisign uses ICANN records to identify which registrars are based in countries that have governmental restrictions. I believe China is currently the only affected country.

Those registrars are able to register domains normally, but Verisign will prevent the names from resolving (placing them in serverHold status and keeping them out of the zone file) unless the registration is accompanied by a verification code.

These codes are distributed to the affected registrars by at least two verification service providers. Verisign, in response to DI questions, declined to name them.

Under its “free to deploy” agreement with ICANN (pdf), Verisign is unable to offer verification services itself. It must use third parties.

The company added the functionality to its .com and .net registry as an option in February 2016, according to ICANN records. It seems to have been implemented last July.

A Verisign spokesperson said the company “has implemented” the system.

The Verification Code Extension — technically, it’s an extension to the EPP protocol pretty much all registries use — was outlined in a Registry Services Evaluation Process request (pdf) last May, and approved by ICANN not long after.

Verisign was approved to operate in China last August in the first wave of gTLD registries to obtain government licenses.

Under Chinese regulations, domain names registered in TLDs not approved by the government may not resolve. Registrars are obliged to verify the identities of their registrants and names containing certain sensitive terms are not permitted.

Other gTLDs, including .vip, .club, .xyz .site and .shop have been granted approval over the last few months.

Some have chosen to work with registration gateway providers in China to comply with the local rules.

Apart from XYZ.com and Verisign, no registry has sought ICANN approval for their particular implementation of Chinese law.

Because Chinese influence over ICANN is a politically sensitive issue right now, it should be pointed out that the Verification Code Extension is not something that ICANN came up with in response to Chinese demands.

Rather, it’s something Verisign came up with in response to Chinese market realities. ICANN has merely rubber-stamped a service requested by Verisign.

This, in other words, is a case of China flexing market muscle, not political muscle. Verisign, like many other gTLD registries, is over-exposed to the Chinese market.

It should also be pointed out for avoidance of doubt that the Chinese restrictions do not apply to customers of non-Chinese registrars.

However, it appears that Verisign now has a mechanism baked into its .com and .net registries that would make it much easier to implement .com restrictions that other governments might choose to put into their own legislation in future.

Verisign report deletes millions of domains from history

Verisign has dramatically slashed its estimates for the number of domains in existence in its quarterly Domain Name Industry Brief reports, two of which were published this week.

The headline number for the end of the fourth quarter is 329.3 million, a 0.7% increase sequentially and a 6.8% increase annually.

But it’s actually a lower number than Verisign reported in its second-quarter report just five months ago, which was 334.6 million.

The big swinger, as you may have guessed if you track this kind of thing, was .tk, the Freenom ccTLD where names are given away for free and then reclaimed and parked by the registry when they are deleted for abuse expire.

It seems a change in the way .tk is counted (or estimated) is the cause of the dip.

Verisign gets its gTLD data for the report from ICANN-published zone files and its ccTLD data from independent researcher Zooknic.

Problem is, Zook hasn’t had up-to-date data on .tk for a couple of years, so every DNIB published since then has been based on its December 2014 numbers.

But with the Q3 report (pdf), Zook revised its .tk estimates down by about six million names.

In earlier reports, the ccTLD was being reported at about 25 million names (exact numbers were not given), but now that’s been slashed to 18.7 million, relegating it to the second-largest ccTLD after China’s .cn, which has 21.1 million.

I’ve asked Freenom to confirm the latest numbers are correct and will update this post if I get a response.

Verisign does not say what caused the decision to scale down .tk’s numbers, but explains what happened like this:

In Q3 2016, Zooknic reported a significant decline in the .tk zone and restated the estimated zone size of .tk for each quarter from Q4 2014 through Q3 2016 using a proprietary methodology. As a result, for comparative purposes of this DNIB to the Q3 2016 DNIB and the Q4 2015 DNIB, Verisign has applied an updated estimate of the total zone size across all TLDs for Q3 2016 of 327.0 million and Q4 2015 of 307.7 million and an updated estimate of the total ccTLD zone size for Q3 2016 of 140.1 million and Q4 2015 of 138.1 million.

Apples-to-apples comparisons in the Q4 report show the ccTLD universe was up to 142.7 million names, a 1.8% sequential increase and up 3.1% on 2015. Excluding .tk, annual growth was 6.9%.

Verisign’s own .com and .net combined grew 1.7% to 142.2 million names at the end of the year, one percentage point smaller than their 2015 growth.

The full Q4 report can be read here (pdf).

Antitrust feds probing Verisign’s .web deal

Kevin Murphy, February 10, 2017, Domain Policy

US antitrust authorities are investigating Verisign over its anticipated operation of the .web gTLD.

The probe was disclosed by company CEO Jim Bidzos in yesterday’s fourth-quarter earnings call. He said:

On January 18, 2017, the company received a Civil Investigative Demand from the Antitrust Division of the US Department of Justice, requesting certain information related to Verisign’s potential operations of the .web TLD. The CID is not directed at Verisign’s existing registry agreements.

He did not comment further, beyond describing it as “kind of like a subpoena”.

Verisign acquired the rights to run .web at an ICANN last-resort auction last July, agreeing to pay $135 million.

Rather than applying for the gTLD itself, it secretly bankrolled shell company Nu Dot Co, which intends to transfer its .web contract to Verisign after it is signed.

ICANN is being sued by rival applicant Donuts, which claims NDC should have been banned from the auction. Afilias, the auction runner up, is also challenging the outcome.

But this new DoJ investigation, if we take Bidzos’ words at face value, appears to focus on what Verisign plans to do with .web once it is live.

It’s the view of many that .web would be the new gTLD best positioned as an alternative to .com, which makes Verisign hundreds of millions of dollars a year.

It’s my view that it would make perfect sense for Verisign to flush the $135 million and bury .web, rather than have a viable competitor on the market.

Verisign has repeatedly said that intends to “grow and widely distribute .web”, words Bidzos repeated last night.

The investigation is likely into whether Verisign wants to actually raise .web, or strangle it in its crib.

It seems the investigation was launched in the dying days of the Obama administration, so the recent changing of the guard at Justice — Attorney General Jeff Sessions was confirmed by Congress just two days ago — may have an impact on how it plays out.